identity and verification in the digital age
TRANSCRIPT
July / August 2016 / paymentscardsandmobile.com
Identity and
verification in
the digital age
in this issueCARD NOTES
Brexit impact
CHAT BOTS
Have you got a bot for that?
SECURITY
The insider threat
ISSUING & ACQUIRING
The un-virtuous circle of chargebacks
www.paymentscm.com
July | August 2016 Volume 8, Number 4
Editor-in-chief and publisher Alexander Rolfe Tel +44 1263 711 800 [email protected]
Staff Writer Joyrene Thomas Tel +44 1263 711 800 [email protected]
Contributors Lars AaseChris JonesJoyrene Thomas
Head of Business Development Wendy Sanders Tel +44 1263 711 801 Fax +44 1263 456 100 [email protected]
General Manager Gemma Haywood Tel +44 1263 711 800 Fax +44 1263 456 100 [email protected]
Subscriptions and General Gemma Rolfe Tel +44 1263 711 800 Fax +44 1263 456 100 [email protected]
Address Payments Cards and Mobile The Stable, Hall Yard Kelling, Holt NR25 7EW United Kingdom
Cover, Design and Origination Adam Unsworth
Printing Micropress Printers
All rights reserved. No part of the publication may be reproduced or transmitted in any form without the publisher’s prior consent. While every care is taken to provide accurate information, the publisher cannot accept liability for errors or omissions, no matter how caused.
Payment Cards and Mobile™ is owned and published by PaymentsCM LLPISSN 1759-829X
© PaymentsCM LLP 2016
Editorial Advisory Board
John BernsManaging Partner, Accourt
Sylvie Boucheron-Saunier General Manager, Continental Europe, ACI
Robert Courtneidge Global Head of Cards and Payments, Locke Lord
June Felix President – Europe, Verifone
Denise Gee Director, Magna Carta
Simon HardieDirector, Magna Carta
As the summer arrives in the Northern hemisphere and everybody realises that the earth is still spinning, despite some of the horror stories around Brexit, the payments industry can pat itself on the back and take a well-earned rest.
Sorry folks, that is the opening line to a payments industry a long time ago in a galaxy far, far away. The summer may have arrived, but those of you with your finger on the pulse will have realised that there is a lot going on with no let up.
In this issue we could hardly fail to present some initial outlooks for the payments industry around Brexit, but we have kept it to a minimum! Disruption and customer service are still of paramount importance to the industry. In this issue, we cast a critical eye over the evolving market of bots for banking, giving some insight into how the future of this nascent part of the industry might look.
Similarly, fraud does not always come down to nefarious organised crime gangs. Beware the insider threat in your organisation, they may not even realise that it is their carelessness and that of their management that is causing the issue.
Finally, identification and verification has always been at the heart of banking and payments, and now, in the digital age even more so. In this in-depth feature we discover how the industry and consumers are coping with the prolific rise of newer types of authentication.
Alexander Rolfe, Editor-in-chief and publisher, Payments Cards & Mobile
contents
4 payments cards and mobile / July / August 2016 www.paymentscm.com
NEWS IN BRIEF
6-7. THE PAYMENTS WORLD IN 60 DAYS
CARD NOTES
8. BREXIT: IMPACTS ON UK CONSUMER PAYMENTSFollowing Britain’s momentous decision
to leave the European Union, thoughts
inevitably turn to the potential impact on
UK consumer payments.
9. CARD FRAUD RISES GLOBALLYCard fraud rates are on the rise in many
parts of the world despite the widespread
adoption of fraud analytics solutions by
financial institutions and retailers.
10. DATA BREACH COSTS RISING TO $4 MILLION PER INCIDENTThe average cost of a data breach for
companies is around $4 million, a 29
percent increase since 2013, according
to a survey by the Ponemon Institute.
11 . VISA INC COMPLETES ACQUISITION OF VISA EUROPEThe deal is done. Visa Europe has sold
its European business to Visa Inc
and has ceased to be a membership
association.
11 . US RETAILERS SUE VISA OVER PIN-BASED DEBITWal-Mart is suing Visa Inc for the right
to choose how customers verify debit
card purchases in store.
11 . MASTERCARD FACE £19 BILLION CLAIM OVER FEESMasterCard is facing a multi-billion
pounddamages claim for imposing
interchange fees that were ultimately
borne by UK consumers.
ISSUING AND ACQUIRING
24. THE UN-VIRTUOUS CIRCLE OF CHARGEBACKSIs the card scheme dispute resolution
system broken?
24. GETTING THE FRAUD MANAGEMENT BALANCE RIGHTFraud management is a three-way
balancing act between minimising fraud
losses, minimising operational costs and
maximising revenue.
25. EC CRACK DOWN ON VIRTUAL CURRENCIES AND PREPAIDThe European Commission is proposing
to expand its anti-money-laundering
rules to cover virtual currencies and
prepaid cards, in a bid to fight terror
financing and tax evasion as revealed
in the Paris attacks and the Panama
Papers disclosures.
25. SBERBANK TO LAUNCH MVNO FOR MOBILE BANKINGThe Russian bank has founded a new
subsidiary – SB-Telecom – which will act
as an MVNO.
25. UK DEBIT CARDS REACH 100 MILLION FOR FIRST TIMEThere are now more than 100 million
debit cards in circulation in the UK for
thefirst time. The milestone was passed
in April, the latest figures from The UK
Cards Association show.
MOBILE PAYMENTS
26. MOBILE BANKING AND MOBILE PAYMENTS SURGE IN EUROPEIf you don't already bank, shop or make
mobile payments using your mobile
device, there’s a good chance that you’ll
start within the coming year.
27. THE STATE OF PAYIt's been a busy 60 days in the world
of mobile payments with further roll-
outs, new entrants and a prominent
withdrawal. PCM rounds up the latest
state of Pay.
COVER FEATURE
12-15.
IDENTITY AND VERIFICATION IN THE DIGITAL AGE
At a time when identity theft, account takeover and fraud losses are on the rise, how does the industry up its authentication game?
FEATURE: CHAT BOTS
16-18.
HAVE YOU GOT A BOT FOR THAT?
We track the rise and possible implications of bots for banking and business.
FEATURE: SECURITY
20-22.
THE INSIDER THREAT
Companies are faced with a two-fold problem: protecting their data from those who have access to it from the inside, and from those who exploit the human factor to access it from the outside.
contents
www.paymentscm.com
www.paymentscm.com payments cards and mobile / July / August 2016 5
CONTACTLESS
28. THE INTERNET OF THINGS & NFCBy connecting billions of familiar
devices, the Internet of Things (IoT)
promises to improve how we live, work
and play by turning our homes, cars,
offices and cities into smart,
interactive environments.
28. 60 DANISH BANKS LAUNCH NFC MOBILE WALLETNets has been selected by Danish
banking collective, the BOKIS
partnership,
to launch a new NFC mobile wallet
solution powered by its HCE and
tokenisation platform.
29. APP CHAOS AFTER APPLE’S NEW RULING UPDATEApple changes the terms and conditions
for app developers, which could well
cause chaos.
29. NFC VS IBEACON – DIGITAL RETAIL MARKETING SPEND TO DOUBLENew data has found that spend on
digital retail marketing is set to increase
from $174 billion in 2015, to $362.1
billion by 2020.
29. CONTACTLESS AT THE SPEED OF LIGHTIn the future, consumers may be able
to make contactless payments from any
smartphone using light instead of NFC.
E-COMMERCE
30. US E-COMMERCE HITS NEW RECORD OF $373 BILLIONAccording to Forrester Research, US
e-commerce is expected to reach $373
billion in 2016. That figure will grow to
more than $500 billion by 2020.
30. DIGITAL COMMERCE IN ASIA PACIFIC RECORDED 113% GROWTHAccoring to Euromonitor's data, Asia
Pacific continues to top the digital
commerce table in 2014 – 2015, with
mobile retailing sales reaching $200
billion, an increase of 113 percent.
30. AMAZON EXPANDS DASH BUTTON ORDERING SERVICEOne year since launch, Amazon has
expanded its Dash Button automated IoT
ordering service to more than 150
brands, including beverage, grocery,
baby, toy, pet and household supplies
brands.
31. FACEBOOK BUILDING UP ITS PAYMENT NETWORKFacebook is launching a native store
locator where users can search for
stores
around them.
POS TERMINALS
32. NEXT GENERATION PAYMENT TABLETS LAUNCHEDThe enterprise point of sale is
changing. It is becoming increasingly
mobile and payment is being integrated
together with other functionality.
PRODUCTS
35. SANTANDER STARTS BLOCKCHAIN TRANSFERSSantander UK has announced that
it is experimenting with international
Blockchain payments.
35. ACI CONSOLIDATES ACQUISITIONS WITH E-COMMERCE LAUNCHACI Worldwide consolidating its recent
e-commerce acquisitions with the launch of an
SaaS-based e-commerce payments solution.
35. AMEX LAUNCHES QUICK CHIP FOR EMV CARD TRANSACTIONS AT POSAmerican Express has announced the
availability of Amex Quick Chip, a technology
that enables merchants to provide a more
seamless experience at the point of sale for
cardholders when they pay with their EMV
chip cards.
CONTRACTS
37. VOCALINK IN UNIONPAY ATM TIE-UPVocalink, the british operator of
the Faster Payments service, has
announced a five-year deal with
UnionPay International to enable
UnionPay cardholders to access ATMs
across Europe and the UK.
37. ADVENT AND BAIN MAKE ITALIAN ACQUISITIONPrivate equity firms Advent International,
Bain Capital and Clessidra have
acquired Setefi Services and Intesa
Sanpaolo Card from Intesa Sanpaolo for
€1,035 million.
37. FIME ACQUIRED BY CHEQUERS CAPITALFIME, a certification and testing company,
has been acquired from Orange by
independent investment firm Chequers
Capital for an undisclosed amount.
37. GLOBAL BLUE BUYS DCC FIRM CURRENCY SELECTGlobal Blue, a Swiss-based tourist tax
refund company, has acquired
Australian firm Currency Select from
Travelex forA$65 million.
37. AMEX UPDATE USFRAUD POLICIESIn an effort to promote further adoption
of EMV in the US, American Express
announced changes to its EMV
chargeback policy to help merchants
limit their fraud costs as they upgrade
their POS systems.
CONFERENCES
38. PAYEXPO EUROPE 2016Nearly 2,300 delegates from 850
organisations across 52 countries
attended PayExpo Europe 2016 at
London’s Excel on 7-8 June, making the
event 25 percent larger than last year.
POST EVENT REPORT
www.payexpo.com/europe
2016EUROPE7-8 JUNE 2016 // EXCEL, LONDON
I loved it. I am new to the job and it has given me great insight. A great experience, I am keen to come again.Robert Ratcliffe, Payments Project Manager, Argos
“HELLO, WORLD.” SO BEGAN the
first Tweet sent by the UK intelligence
agency GCHQ in mid-May. The agency’s
debut on social media was a type of
computer in-joke. The words are among
the first programmers learn to write in
various coding languages. In an interesting
turn-around for an organisation more used
to listening to its customers, Andrew Pike,
director of communications at GCHQ, said:
“In joining social media GCHQ can use its
own voice to talk directly about the important
work we do in keeping Britain safe”. GCHQ
has around 34,000 Twitter followers.
A GROUP OF RUSSIAN banks
and financial services companies
has formed a private-sector consortium
focused on Blockchain applications,
according to Coindesk. Payment processing
firm QIWI, B&N Bank, Khanty-Mansiysk
Otkritie Bank, Tinkoff Bank and MDM Bank
are among those in the consortium. The
group will work on proofs-of-concepts, joint
research and technology standards, plus
policy outreach with domestic regulators.
The move comes months after QIWI hoped
to create a Russian R3CEV, a reference
to the 40-strong consortium focused on
developing distributed ledger technology.
FRENCH AND ITALIAN POLICE and
Europol have busted an international
ATM skimming ring estimated to have
caused more than €500,000 in losses.
The criminals harvested card data by
skimming ATMs across France, and created
fake cards to withdraw cash from ATMs in
Asia and the US. The operation resulted in
multiple house searches in France and Italy.
Micro cameras, card readers, magnetic
stripe readers and writers, computer and
mobile phone equipment, thousands of
blank plastic cards as well as two handguns
and five vehicles were seized. Nine people
were arrested.
PINTEREST’S ‘PIN IT’ BUTTON is now
available in the offline world following
a partnership with Brazilian furniture retailer
Tok&Stok. Shoppers with Pinterest accounts
and the PinList app can save furniture items
to their online pin boards when browsing
in-store. The physical ‘Pin it’ buttons contain
an internal circuit with a battery and low-
range BLE board. Pressing the button sends
a signal to the customer’s mobile, which
publishes the item online.
THE FINNISH GOVERNMENT IS to
pay prisoners via prepaid cards.
Each card is tied to a specific IBAN number
and prisoner and can be loaded by prison
authorities with wage payments as well as
by family members. “Offering a cashless
alternative is beneficial to both our prison
service and inmates as we can disburse
spend on the card on a constant basis.
This eliminates any issues with the safety
of prisoners’ transactions but also allows
economies of scale by operating a more
streamlined and efficient system across
our prison network,” said Eija-Riitta Nelin,
project manager at the Finnish criminal
sanctions agency.
THE BANK OF ENGLAND is
launching its own accelerator to
engage with FinTech firms on the unique
challenges a central bank faces. The
accelerator has already undertaken work
around data anonymisation, cyber security
and distributed ledger technology. Other
areas of potential interest for the Bank
include finding new ways to structure and
analyse large datasets, machine learning
around anomaly detection and pattern
recognition, and protection of the Bank’s
sensitive data. The move comes as the UK
Financial Conduct Authority announced
in May that it had opened a regulatory
sandbox for firms to test innovation.
YAHOO IS TO SELL more than 3,000
patents pertaining to internet search,
online advertising and cloud technology in a
deal that could bring in $1 billion, according
to The Wall Street Journal. Yahoo was one
of the first internet search engines and had
its first initial public offering in 1996. Some of
the patents for sale date back to this period.
The company has retained the services of
an investment bank specialising in patent
sales to run an auction, but did not give a
reserve price for the patents it wished to
sell. Yahoo is in talks with potential buyers
for a sale of its core business.
MICROSOFT HAS BOUGHT THE
professional networking site LinkedIn
for $26.2 billion, its biggest acquisition to
date and the biggest of the year so far. The
purchase price works out at $60 for each of
the 433 million users or $250 for each of the
105 million active users. Microsoft is hoping
to monetise data about users’ career
background, education and professional
connections with the acquisition, as well as
move more quickly into cloud computing.
news in brief
6 payments cards and mobile / July / August 2016 www.paymentscm.com
SCANDINAVIAN BANK, BANK OF Åland, is issuing bio-sourced cards
to support its Baltic Sea Project. The EMV
payment cards are made of a corn-based
plastic substitute, which is biodegradable
and non-toxic if incinerated. The design
on the card front is dedicated to the Baltic
Sea Project, with account details and
corporate logos appearing on the reverse.
Since the 1990s, the bank has offered
a savings account which donates 0.2
percent of deposits from its own funds for
environmental activities. The Åland Islands
are an archipelago in the Baltic Sea and the
smallest region of Finland.
THE NUMBER OF MOBILE
subscribers in Asia Pacific reached
2.5 billion in 2015 and will grow to 3.1 billion
by 2020, according to the GSMA. China,
India, Indonesia and Japan accounted for
more than three-quarters of subscribers in
the region. India is expected to add nearly
250 million new subscribers by 2020, but
smaller countries, such as Bangladesh,
Indonesia, Myanmar and Pakistan, will also
make major contributions.
SINCE OPENING A NEW YORK
office last year, international
payments platform, Currency Cloud, has
processed $500 million in the US during the
first half of 2016. The firm works with more
than 125 platform customers, including
crowdfunders and challenger banks, and
150,000 end-customers. Currency Cloud
processes over $10 billion payments a
year, across more than 40 currencies in 212
countries, and is regulated as an e-money
business by the UK Financial Conduct
Authority. Launched in January 2012,
Currency Cloud had raised $36 million in
funding as of June 2015.
A THANK YOU COSTS NOTHING, or so
the saying goes. But Citigroup and AT&T
are at legal loggerheads over the term. Citi
runs a card loyalty programme based on
the ‘thankyou’ brand in which AT&T was
a partner. However the bank has filed a
complaint at the US District Court saying
that the telephone company’s use of
‘thanks’ and ‘AT&T thanks’ in its own loyalty
scheme infringes its trademark rights to the
phrase ‘thankyou’. Citi claims that AT&T’s
use of the trademarks is likely to cause
customer confusion. AT&T plans to defend
the lawsuit, a spokesman confirmed.
THE CO-FOUNDERS OF LIBERTY Reserve, a Costa Rican-based digital
currency service, have been sentenced
to 30 years in prison between them
for money laundering and operating an
unlicensed money transmitting business.
Arthur Budovsky was sentenced to 20
years for conspiring to commit money
laundering. His former business partner,
Vladimir Kats, was sentenced to 10 years
for money laundering and operating an
unlicensed money transmitting business.
Liberty Reserve was incorporated in
Costa Rica in 2006 and described itself
as being the internet’s “oldest, safest
and most popular payment processor”.
It allowed users to open accounts and
transfer money, providing only their name,
date of birth and an e-mail address.
Liberty Reserve did not require users to
validate their identities and users routinely
established accounts under false names. A
federal agent investigating Liberty Reserve
was able to set up an undercover account
in the name of “Joe Bogus” with an
address of “123 Fake Main Street” in a city
named “Completely Made Up City, New
York”, according to court papers.
news in briefVisa is working with several Indian banks in order to utilise
the country’s biometrics-based national identity system to bring financial services and electronic payments to millions of people. The ‘Saral Money’ account from Visa, Axis Bank, HDFC Bank, ICICI Bank, Indian Overseas Bank and the State Bank of India is designed to solve the long-standing problem of how to authenticate the many millions of Indians without existing bank accounts or adequate forms of ID. They plan to tap into the government’s Aadhaar national identity system which uses fingerprint and iris biometric information to verify users and authorise payments. There are currently 210 million Aadhaar card holders, with the government planning to expand this to 600 million by 2015.
Just 3% of UK organisations have made preparations for the intro-
duction of SEPA for direct debits, lagging behind rivals in France and Germany as the countdown to the 2014 migration begins. The survey of 300 businesses in France, Germany and the UK conducted by Edgar Dunn & Company on behalf of Steria, finds that almost 70% of European businesses are aware of SEPA in general, and more than 80% of businesses have heard about SEPA Direct Debit in France and Germany. However, only 26% of UK businesses are aware of the mandate.
Sweden’s Swedbank is piloting the use of mobile couponing with
merchants in Uppsala, the country’s fourth-largest city which is attempting to eradicate cash as part of a local crime-fi ghting initiative. Swedbank is trialling the use of MasterCard’s mobile application Koy with high street merchants who can use the app to post deals to subscribers that can be redeemed from the user’s smartphone.
VeriFone has had the wind taken out of Sail, its app and dongle-based
system for turning smartphones into card acceptance devices. Having failed to gain traction with merchants, VeriFone will instead off er the technology to banks. Sail was launched in May 2012, but according to the company, the standalone economics of micro-merchant acquiring ultimately proved to be unprofi table.
Vietnamese payment switch operator Smartlink is working with Singapore
tech vendor Tagit to build a mobile bank-ing service. Tagit’s Mobeix platform will be available to over 40 million cardholders belonging to Smartlink’s more than 50 mem-ber banks. Vietcombank will be the fi rst to roll out the service, enabling customers to download an iOS, Android, BlackBerry or Java app that can be used for account information queries, fund transfers, bill payments and mobile top-ups. Through the Tagit system, Smartlink customers will also be able to con-nect with third parties such as utility compa-nies and government agencies.
Royal Bank of Scotland, Lloyds TSB and NatWest in the UK are in
a generous mood, having set aside £10 million to refund customers who forgot to pick up cash dispensed at the ATM. The banks are set to compensate hundreds of thousands of customers who made a withdrawal at the ATM but walked away without the cash. Unlike other banks which automatically re-credit consumer accounts when the machine retracts the forgotten cash, the banks diverted the funds into their own reserves account and only paid up if the customer asked for a refund.
US start-up Movenbank, which has positioned itself as a mobile-only, card-
less, branchless bank, may be forced to off er companion plastic cards to customers in order to be compliant with MasterCard rules. Movenbank is working with MasterCard on a planned February 2013 launch which will see customers issued with contactless stickers that they can attach to their mobile phones, says founder and CEO Brett King. However, he maintains that the fi rm is still “anti-card”.
news in brief
paymentscardsandmobile.com payments cards and mobile | January | February 2013 7
VeriFone has had the wind taken out
Insight is everything!In-depth analysis, industry snapshots, news in brief and authoritative features – Payments Cards and Mobile’s authoritative, impartial, editorial coverage separates hype from happening within the payment cards and mobile payment industry.
Timely insight - on paper - on screen subscribe now!
Visit:
www.paymentscardsandmobile.com
and click ‘Subscribe’
PCM_JF13_40pp.indd 7 28/01/2013 11:49
Timely insight on paper on screen on-line
subscribe now!www.paymentscm.com
www.paymentscm.com payments cards and mobile / July / August 2016 7
UKcard notesBREXIT: IMPACTS ON UK CONSUMER PAYMENTS
FIRST, LET US look at how the two Payment
Services Directives may be approached
by the UK government. Will the PSD1
remain on the statute book, and the PSD2
implemented as planned? The answer at
this stage is probably. Many aspects of
European legislation related to consumer
protection are likely to remain because they
did not fundamentally change existing UK
rights. The UK government’s approach to
account access is generally more progressive
than that embodied in the PSD2, so this
will probably be superseded by UK Open
Data Initiative.
The biggest change will be in the area of
licensing and passporting.
The FCA has established
a good reputation with
innovative European
payments businesses
for its regulatory regime.
These eMoney and
Payment Institutions will
probably have to move
their headquarters to
other European markets,
and the UK will be poorer
for it both commercially
and from an innovations
perspective. Changing the
approach to passporting
will affect the UK’s
cross-border acquirers the most. Many UK
acquirers rely on passporting FCA regulatory
licences to support their local acquiring offers
across the EU. Unless they already have
licences in other EU markets, acquirers will
need to seek new EU regulatory approval to
operate across the continent, and to sign new
merchant contracts.
Second, interchange regulation. The UK
CMA has always taken a close interest in
the payments market, and many issuers
expected interchange to decline in the
medium-term. It therefore seems unlikely
that credit interchange will suddenly return
to its previous levels. It may be that debit
migrates back to the historical fixed price
approach. This is particularly important within
the context of the announced move to a basic
0.2 percent (removing the 50p cap and 1p
fee) expected for Visa Debit in September. We
can therefore expect modest change in the
interchange arena.
How may the international card schemes
react? Both have substantial presence in the
UK, particularly Visa. It seems likely that Visa
Inc. will increase its presence in continental
Europe as part of a wider restructure
as other roles are migrated to the US.
MasterCard may also to shift its emphasis
to Waterloo away from Canary Wharf. Both
schemes will need to adapt their licensing
approaches, but these are already flexible
enough to accommodate the inclusion of
non-EU markets. Such moves by the card
schemes may be to the detriment of London
and the UK, but the impact will probably
be modest.
The impact on data processing and data
security remains unclear. Will the UK be
treated as an off-shore location for card and
payment processing? This will be a matter
for the lawyers to resolve, but it could affect
Visa’s UK processing hub, or MasterCard’s
rumoured purchase of VocaLink. New
payments processors arriving in Europe
from the US or Asia are also much less likely
to locate their business in the UK.
Will there be a substantial change in
the structure of issuers and acquirers of
consumer payments (either cards, credit
transfers or direct debits)? We have already
highlighted the impact on cross-border
acquiring, and both regulators and schemes
will need to adapt accordingly. On the issuing
side markets are unlikely to change their
activities as they are either domestically
focused, or already manage operations both
inside and outside the EU.
Will consumer spend day to day be
affected? Again, probably not. Consumers
in the UK do not use SEPA Direct Debits or
SEPA Credit Transfers domestically. They
will continue their
preference for cards
in store, and online.
The growth in online
payments will continue,
alongside the growth
in contactless in-store.
Similarly it seems
unlikely that there will
be a substantial change
in the merchant
landscape. The UK
will remain a vibrant
market where retailers
online and offline will
fight for consumer
spend. It seems less
likely that an exit from the EU will impact this
to any great degree.
There may be some potential downsides
particularly in the area of acquiring and
processing. Will there be any upsides? At this
stage it is a struggle to see any, which is a
great disappointment. Perhaps benefits will
emerge from the current maelstrom by 2017.
So, in conclusion, impacts on the UK
consumer retail payments market will most
probably be concentrated in areas such
as licensing, cross-border acquiring and
processing. However, in the long-term there
is optimism that the UK consumer payments
market is likely to remain innovative and
forward-looking and overcome these issues.
Following Britain’s momentous decision to leave the European Union, thoughts must inevitably turn to the potential impact on UK consumer payments. Chris Jones, director, PSE Consulting, provides some early thoughts on how the UK market may be affected.
8 payments cards and mobile / July / August 2016 www.paymentscm.com
CURRENT TOTAL CARD FRAUD RATED BY COUNTRY
CARD FRAUD RATES are on the rise in many
parts of the world despite the widespread
adoption of fraud analytics solutions by financial
institutions and retailers, along with EMV in most
countries, according to a new global from ACI
Worldwide and Aite Group.
The report 2016 Global Consumer Card
Fraud – Where Card Fraud Is Coming From
surveyed over 6,000 consumers across 20
countries. It reveals nearly 30 percent of global
consumers have experienced card fraud in
the past five years, classified as unauthorised
activity on three types of payment cards (debit,
credit and prepaid). 17 percent of respondents
experienced more than one incident of fraud,
compared to 13 percent in 2014.
The report warns that fraudsters
worldwide are getting more sophisticated.
It states that “the underground economy
for user information has matured so
much as to be indistinguishable from a
legitimate economy.”
Widespread risky behaviours, such as leaving
a smartphone unlocked when not in use, are
another reason for rising fraud rates. According
to the report, the overall risk for fraud is rising
due to the global increase in smartphone and
tablet usage. So-called application fraud is
equally on the rise due to consumers publishing
increasing amounts of private data on social
media platforms.
“Our latest report shows that card fraud
remains an issue of deep concern for
consumers worldwide. As fraudsters are getting
more organised, it is fair to say that, at this
point in time, the assumption should be made
that almost all users’ credentials and card
information has been compromised,” says
Andreas Suma, global lead fraud and data, ACI
Worldwide.
“It is also no surprise that there is a direct
correlation between fraud rates and consumer
trust and loyalty. As our data illustrates, for
financial institutions it is more critical than
ever to implement effective fraud prevention
solutions.”
COUNTRIES WITH THE HIGHEST PERCENTAGE OF CARD FRAUD
• In 2016, Mexico leads the way at 56
percent, followed by Brazil at 49 percent
and the US at 47 percent (In 2014, the
UAE, China, India and the US topped the list).
• The US is the only country to remain
in the top three list both years, due in
part to being a laggard in the roll-out
of EMV chip cards, so skimming and
data breaches continue to be
security challenges.
• European countries experience less card
fraud than countries in the Americas,
mainly due to earlier adoption of EMV
and other security advances; fraud
rates for the UK were 29 percent, Italy 27
percent and Germany 18 percent.
RISKY CONSUMER BEHAVIOUR
The report also reveals that risky consumer
behaviour is still widespread despite years
of education by financial institutions and
card issuers. It is surprisingly high in Europe
although fraud rates in these countries are
often among the lowest worldwide.
• 54 percent of global consumers exhibit
at least one risky behaviour (such as
keeping one’s PIN with the card) which
puts them at higher risk of financial fraud,
compared to 50 percent in 2014.
• 25 percent of French, 29 percent of Spanish
and 21 percent of Dutch respondents said
they had left their smartphone unlocked in
the last five years when not using it.
• 20 percent of Spanish and 18 percent
of Italian consumers have used online
banking or shopping without security
software on a public computer.
• 19 percent of Italian respondents admitted
they had made a note of their PIN and
carried it with them or kept it with their card.
“The data demonstrates that while consumer
trust is improving, financial institutions must
be proactive in their efforts to prevent card
fraud in order to retain customers,” said Ben
Knieff, senior research analyst, Aite Group.
“Consumer education and customer service
remain a challenge for financial institutions,
as risky behavior has a direct correlation to
experiencing fraud.”
CARD FRAUD RISES GLOBALLY
card notesGLOBAL
Dubai (UAE)
Italy
Spain
Indonesia
Thailand
New Zealand
Germany
Sweden
The Netherlands
Hungary
Mexico
Brazil
United States
Australia
India
Singapore
Canada
South Africa
France
United Kingdom
2016 (n=5,861)
0% 10% 20% 30% 40% 50% 60%0% 10% 20% 30% 40% 50% 60%
2014 (n=5,174) 2012 (n=4,813)
Dubai (U
AE)
Italy
Spain
Indonesia
Thailand
New
Zealand
Germ
any
Sweden
The Netherlands
Hungary
Mexico
Brazil
United States
Australia
India
Singapore
Canada
South Africa
France
United K
ingdom
2016 (n=5,861)
0%
10%
20%
30%
40%
50%
60%
0%
10%
20%
30%
40%
50%
60%
2014 (n=5,174)
2012 (n=4,813)
www.paymentscm.com payments cards and mobile / July / August 2016 9
Source: ACI 2016 Global Consumer Card Fraud
card notes GLOBAL
DATA BREACH COSTS RISING TO $4 MILLION PER INCIDENT
The average cost of a data breach for companies is around $4 million, a 29 percent increase since 2013, according to a survey by the Ponemon Institute. Companies lose around $158 per compromised record, with those in regulated industries such as healthcare reaching $355 per record. This represents a $100 increase on 2013 figures for each compromised record.
CYBERSECURITY INCIDENTS CONTINUE
to grow in both number and sophistication.
64 percent more incidents were reported
last year compared to 2014. However
companies can reduce the total cost
of data breach by having an incident
response plan and team in place.
SLOW RESPONSE AND LACK OF PLANNING COSTS COMPANIES
The survey conducted with around 400
companies worldwide found that the post-
breach response and regulatory mandates
can account for up to 60 percent of
breach costs. These costs are high in part
because around 70 percent of US security
executives reported not having an incident
response plan in place.
Proactively securing the services of
specialist data forensics, communications
and legal advisors in advance of a breach
may pay dividends. It may be possible
to agree more favourable terms by
negotiating ahead of time, rather than
in the immediate aftermath of a breach.
Regularly working through a series of
simulated crisis exercises can also help to
improve the efficiency and effectiveness of
the response team, and hone the incident
response plan.
While the survey found that the incident
response team was one of the biggest
costs of a data breach, it was also
the single biggest factor associated with
reducing breach costs. Leveraging such a
team could save companies as much as
$400,000 per incident, or $16 per record.
The study found that the longer it took
to detect and contain a data breach,
the more costly it became to resolve.
Breaches identified in less than 100
days cost companies an average of
$3.23 million. Whereas the costs spiralled
to $4.38 million on average for those
identified after 100 days.
THE COST OF DOING BUSINESS
“Over the many years studying the data
breach experience of more than 2,000
organisations in every industry, we see
that data breaches are now a consistent
‘cost of doing business’ in the cybercrime
era,” said Dr Larry Ponemon. “The
evidence shows that this is a permanent
cost organisations need to be prepared
to deal with and incorporate in their data
protection strategies.”
Companies have historically considered
business continuity and succession
planning risks . However they now
need to consider the fully-loaded costs
of a data breach and mitigate them
accordingly. These include lost staff
time and productivity, lost financial
revenues as a result of being unable
to trade or operate, and loss of
brand value, reputation, trust and
commercial contracts.
PER CAPITA COST OF A DATA BREACH BY COUNTRY SAMPLE FOR THREE ROOT CAUSES
US (64)
Germany (33)
Canada (24)
France (30)
Italy (24)
UK (41)
Japan (27)
UAE & Saudi Arabia (25)
Australia (26)
South Africa (19)
Brazil (33)
India (37)
$0
Malicious or criminal attack Systems Glitch Human Error
$100 $200
$236
$229 $203 $189
$186$189$230
$211
$185
$169
$162
$161
$150
$122
$114
$76 $49 $54
$95 $89
$88 $91
$117 $114
$112 $106
$119 $120
$152 $147
$138 $125
$189 $174
$213 $197
$300 $400 $500 $600 $700
Source: 2016 Cost of Data
Breach Study: Global
Analysis, Ponemon Institute
10 payments cards and mobile / July / August 2016 www.paymentscm.com
card notesGLOBAL
THE DEAL IS done. Visa Europe has sold
its European business to Visa Inc and has
ceased to be a membership association.
After amending the earn-out portion
of the deal to appease the European
Commission, and splitting the organisation
between scheme and processing, the sale
went through on 21 June.
The combined, global company now
provides digital payment products,
services and processing to about 17,100
financial institution clients and partners,
more than 40 million merchant outlets
and three billion Visa accounts worldwide.
Visa-branded cards and products enable
approximately $6.8 trill ion in global
payments volume annually.
Clients have received confirmation of
their share in the sale proceeds. Staff
received bonuses in the June pay packet
of £10,000 to £20,000, depending
on seniority.
Visa Europe and Visa Inc formally split
in 2008 when five out of six Visa regions
floated on the New York stock exchange as
Visa Inc. Visa Europe elected to maintain its
independent status as a membership
association owned and governed by its
more than 4,500 members.
Preparations for the sale have been
in the making for at least two-and-half
years. Visa Europe cut several hundred
jobs in 2014, scaled back the use of
contract staff, closed the final salary
pension scheme and sub-let more space
in its London headquarters. The future for
employees based in Europe, the UK-based
data centre and current headquarters
looks uncertain.
VISA INC COMPLETES ACQUISITION OF VISA EUROPE
WAL-MART IS SUING Visa Inc for the
right to choose how customers verify
debit card purchases in store, according to
Wall Street Journal reports.
In the lawsuit, Wal-Mart claims that
Visa has prohibited it from requiring PINs
only, forcing it to accept signature-verified
transactions. Signatures are easier to
forge and may be less secure than PIN-
verified sales. Signature-verified debit
card transactions are also generally more
expensive for retailers to accept than PIN-
verified transactions.
Supermarket chain Kroger is also
suing Visa over the requirement to
allow customers to sign for debit card
transactions. Kroger operates more than
2,700 stores in 35 states under a number of
brands, including Ralph’s, Harris Teeter and
Fred Meyer.
Kroger said Visa levied fines of $7 million
against it after it did not configure its
terminals to accept signature. Kroger also
said Visa told them that it would raise the
fees it charges to process debit transactions
and threatened to cut off all Visa debit
card acceptance.
A spokeswoman for Visa said the
company was reviewing the lawsuit and
would respond “in due course.”
Meanwhile Wal-Mart in Canada is to stop
accepting Visa cards due to what the
retailer described as “unacceptably high”
fees. Whilst specific payment terms were
not disclosed, Wal-Mart claimed that it still
hoped to reach an agreement with Visa.
Stores in Ontario will be the first to stop
accepting Visa, before the change is rolled
out to 370 stores nationwide.
MASTERCARD IS FACING a multi-billion
pound damages claim for imposing
interchange fees that were ultimately
borne by UK consumers.
The claim, which could reach £19 billion,
would be the biggest in UK legal history. It
is to be one of the first to be filed under the
Consumer Rights Act 2015.
The Act enables a collective damages
claim to be brought on behalf of a class of
people who have suffered loss. Claims can
be brought on an opt-out basis, meaning
claimants do not have to be recruited.
In 2014, MasterCard was found to have
infringed EU law by imposing interchange
fees on cross-border card transactions.
The claim is being championed by Walter
Merricks, a qualified lawyer and former
chief financial services ombudsman. “The
prices of everything we all bought from
1992 to 2008 were higher than they should
have been as a result of the unlawful
conduct of MasterCard,” said Merricks.
“My aim is to get the redress to which UK
consumers are entitled and to ensure that
MasterCard cannot hold on to the illegal
profits it made.”
A spokesperson for MasterCard said:
“MasterCard firmly disagrees with the basis
of this legal claim. Electronic payments
deliver real value to people online, in-store
and everywhere.”
US RETAILERS SUE VISA OVER PIN-BASED DEBIT
MASTERCARD FACE £19 BILLION CLAIM OVER FEES
www.paymentscm.com payments cards and mobile / July / August 2016 11
Identification and verification (ID&V) has always been at the heart of banking and payments, particularly in the digital age. After all, “on the internet, nobody knows you’re a dog” read the caption of the now-famous New Yorker cartoon. At a time when identity theft, account takeover and fraud losses are on the rise, how does the industry up its authentication game?
by Joyrene Thomas
cover story
Identity and verificationin the digital age
THE WORDS TO the theme tune of the
popular US TV crime drama CSI: Crime
Scene Investigation begin: “Who are you?
Who, who, who, who? I really want to know.”
For a show with identity at the core of every
episode, whether it is the identity of the
victim or the killer, the lyrics are entirely
appropriate. Fittingly the band that originally
recorded the song was called The Who.
Identity is the who of you. It is defined
as the state of having unique identifying
characteristics. It can also be the individual
characteristics by which a person or thing
is recognised. Verification is authenticating
that the person attempting to gain
physical or logical accepss is the same as
originally enrolled.
STATE OF THE NATION
Changing shopping habits, lifestyles
and technology are putting pressure
on traditional static, knowledge-based
authentication methods. According to the
Centre for Retail Research, online sales
in Europe (France, Germany, Italy, the
Netherlands, Poland, Spain, Sweden and
the UK) are expected to grow 16.7 percent
in 2016. Online sales in the US are forecast
to grow by 14.4 percent. As fraudulent
activity tends to follow transaction volume,
e-commerce fraud is also growing.
Fraud growth may inhibit consumer
spending online, but a poor a customer
experience, especially on mobile devices,
acts as a bigger deterrent. More than half
of UK smartphone owners (55 percent)
have abandoned a mobile transaction,
according to computer vision firm Jumio. A
2015 study found that customer concerns
about usability made up the top three
reasons for abandonment. Customers
were deterred by slow loading times
(32 percent), the payment process being
too complicated (27 percent) and by
difficulty navigating the checkout process
(26 percent).
Digital identity is currently fragmented.
Consumers typically have multiple accounts
across the different entities with which they
interact. This includes banks, government
agencies, utility companies, mobile and
12 payments cards and mobile / July / August 2016 www.paymentscm.com
cover storyother subscription services. Consumers
are suffering password fatigue. Entering a
password may be difficult using the small
keyboard and screen on a mobile device.
Remembering one, more difficult still as
the average person has around 90 online
accounts, according to password word
management company Dashlane.
At the same time, consumer expectations
around convenience and experience have
been reset by global technology brands.
Ordering a taxi by Uber, buying via Amazon
one-click or iTunes is the new benchmark
for speed, convenience and service. In
the quest for greater convenience, newer
authentication methods are increasingly
coming to the fore.
BODY OF EVIDENCE
Biometrics involves using measurable
physical characteristics as a way of
establishing or verifying identity. Examples
include fingerprints, facial, voice or iris
recognition, eye prints and heartbeat. The
use of biometrics in financial services is
on the rise.
Absa Bank was the first to trial new Visa
EMV chip-based biometric specifications.
The South African bank piloted fingerprint
validation at chip ATMs. Cardholders used
fingerprint readers to complete ATM
transactions, instead of entering a PIN.
Meanwhile MasterCard is expanding tests
of a smartphone app that uses fingerprint
and facial recognition to verify online
purchases. Worldpay has tested FingoPay,
a finger vein scanning technology, in
its staff canteen. Employees linked their
biometric data to a payment card to make
point-of-sale payments with their finger.
According to Guillaume Yribarren, vice
president, marketing, digital security and
authentication, Safran Identity & Security,
the use of biometrics tends to depend on
geography. “If you consider developing
markets, they are ahead in terms of
biometric usage. Their governments
consider biometry a cheap and convenient
way to identify citizens. In more developed
markets, there are concerns around
user acceptance of biometry and the
associations with the police, criminal justice
system and Big Brother,” he says.
This raises an interesting point about the
role of the state in championing biometrics;
funding the technology and logistics of
mass enrolment; building the ecosystem for
further biometric use cases, and partnering
to realise this. To what extent is it the role
of the sate — and only that of the state —
to undertake these activities? Could the
catalyst for change come from individuals,
the commercial or public sector?
Building the business case for identity
has traditionally been more difficult than
for payments. But as payments, identity is
a two-sided market. A critical mass on both
sides — individuals and identity verifiers
— is needed. Banks have an opportunity
to leverage their status as trusted
intermediaries in financial transactions to
become trusted identity authenticators.
Standardisation and interoperability is
naturally both a barrier and an opportunity
in this regard. 83 percent of respondents
to a 2015 Mobey Forum survey saw an
open biometric interface as a major
opportunity. This would allow banks to
retain control over the authentication data.
58 percent of respondents though it would
be beneficial to collaborate to create a
common interface, allowing one type
of authentication for multiple services.
Although 32 percent preferred to keep
ownership of their identification services for
differentiation and competitive advantage.
“One service provider educating the world [on biometrics] is Apple with TouchID.” Guillaume Yribarren, vice president, marketing, digital security and authentication, Safran Identity & Security
Meanwhile acceptance of biometry
among users is changing as it becomes
more widespread. “One service provider
educating the world is Apple with TouchID,”
Although only around one-in-five respondents to a 2015 Mobey Forum survey was using biometrics, 43 percent expressed an appetite to launch such services within the next year.
The Indian government is undertaking
the world’s largest citizen enrolment
programme, known as Aadhaar
(‘foundation’ in Hindi). Demographic
and biometric data is collected from
residents, who are issued with a
unique 12-digit number. Up to 1.2 billion
people are expected to be registered
on the central database, one sixth of
the world’s population.
The Aadhaar number enables
residents to identify themselves for
government services, such as social
welfare, medical care and passports.
It can also be used for electronic
know-your-customer (e-KYC) across
multiple banks. In a drive to enable
all Indians to have access to financial
services, the government opened
around 175 million bank accounts
last year under the Pradhan Mantri
Jan-Dhan Yojana (PMJDY) scheme,
according to the Financial Times.
In Nigeria, the bank verification
number programme launched by
the Central Bank of Nigeria uses
biometric identification from a single
central repository for stronger KYC
across multiple Nigerian banks. This
fingerprint and facial recognition
data has in turn been used in a
corruption crack-down of Nigerian
public servants. According to figures
released by German biometrics
firm, DERMALOG, almost 7.5 percent
of public servants audited did
not exist or were receiving their
salary unlawfully.
In Pakistan, the mandatory
biometric registration programme
for SIM ownership is being leveraged
to promote the growth of branchless
banking. Banks in Brazil are also
using biometrics to prevent fraudulent
account opening and facilitate card-
less cash withdrawals at ATMs.
MASS BIOMETRIC PROGRAMMES
www.paymentscm.com payments cards and mobile / July / August 2016 13
cover storycomments Yribarren. “It’s now very quick
and easy to unlock your iPhone with your
finger or thumb print compared to previous
passwords.” Fitting consumer smartphones
with the ability to capture biometrics also
transfers the hardware costs of biometric
enrolment to the consumer in the price
of the phone. However, why not go a step
further and use the phone itself as a type
of biometric?
YOU ARE YOUR PHONE
People are using their smartphones for
an average of five hours a day — about
a third of the time they are awake — and
check them about 85 times a day, research
from Nottingham Trent University suggests.
This supports the you-are-your-phone
argument. Or that mobile phones provide
a rich seam of personal and personalised
data to be analysed, at the very least.
Mike Lynch, chief strategy officer
at InAuth, a risk management and
authentication vendor agrees. “With
the advancements in mobile devices
themselves, there is the technical capability
to analyse mobile devices for thousands of
attributes, such as build information, media
details, usage, application and location
data,” he explains.
Analysing multiple sources of location
data ensures that they are consistent with
one another. Behaviour data can also tell
the difference between a human and
a bot or scripted session. Access at an
unusual time of day can be an indicator of
risk. The frequency of access could point
to a possible brute force attack, where a
fraudster repeatedly tests credentials to try
and gain access to the device.
“Accelerometer data can yield interesting
results. Is this device moving or always
stationery? Is it always plugged in? Some
of these characteristics, when combined
with other factors, can indicate a fraudster,”
continues Lynch. Similarly any sudden
changes in categories of data could
indicate possible account takeover and
the impersonation of a true customer.
“There are really many combinations of
elements that can indicate increased risk.
Then, a company can make a risk decision
and choose to challenge or deny that user,”
says Lynch.
THE SOCIAL GRAPH
Hitherto authentication has been based on
one or more of the following: something you
know, something you have and something
you are. Or knowledge, possession
and inherence. But as authentication
is increasingly about bringing together
physical and digital identity, what about
something you do, something you did, and
something you say or is said about you?
Physical appearance can be altered,
passwords compromised and fingerprints
lifted. Yet behaviour, transaction or credit
history, employment history, social media
activity and online reputation are all harder
to fake. Hence the difficulty spymasters
face in creating cover stories for spies in
the digital age.
London-based start-up, Veridu, is using
social media profiles and the individual’s
unique online footprint to verify identity
and create a trustworthiness score. Users
invest many hours into their profiles. Direct
messages with friends show patterns of
age distribution and frequency, which are
difficult and time-consuming to fake. Social
data also provides a record of everywhere
the user has been. This allows risk
assessments to be made on an individual’s
interactions and reputation. In the case of
payments, this is typically implemented
as a form of step-up authentication for
higher-risk transactions.
“It’s not about the payment. It’s about the identity,” Spencer Spinnell, director, emerging platforms, Google Inc on-stage at Money 20/20 Europe
Internet search companies, social networks
and online retailers are well-placed to
exploit the individual’s online footprint.
Google, LinkedIn and Facebook are
already authenticating users on third party
websites via single sign-on. Moving into the
identity space allows them to identify users,
but also side attributes to drive greater
personalisation — and revenues. The tech
giants definitely have form in this area,
namely building business models around
new sources of value and monetising
customer data and insights.
ONLINE PAYMENT AUTHENTICATION
Biometrics, behaviometrics and social data
are three newer authentication methods
currently in the ascendant. But what about
3D Secure, the original secure messaging
protocol for online payment authentication?
Created by Visa and Arcot Systems in 1999,
3D Secure gave consumers a way to
directly authenticate their card with the
issuer when shopping online. EMVCo is in
the process of updating the 3DS protocol.
“When we created the first version of
14 payments cards and mobile / July / August 2016 www.paymentscm.com
cover story3D Secure, personal computers were the
only channel available for consumers and
merchants to trade online. Consequently,
3D Secure 1.0 was specifically designed for
browser-based authentication,” explains
Guido Mangiagalli, head of e-commerce
acceptance, Visa Europe. Fast-forward
15-plus years and there are around
4.7 billion unique mobile subscribers
worldwide, according to 2015 figures from
the GSMA. This cannot but change the way
consumers, businesses and governments
interact and transact online.
“3D Secure 2.0 addresses the needs for an omni-channel experience. It optimises the consumer experience on mobile, PC and even digital television. Version 2.0 will be completely agnostic as to the device, as well as enable merchants to use 3D Secure in-app.”Guido Mangiagalli, head of e-commerce acceptance, Visa Europe
“There are two main differences
between 3D Secure version 1 .0 and
version 2.0. Firstly, the new specification
is optimised for any type of device, as well
as for in-app payment. Secondly, it will
be possible for merchants to pass more
information to card issuers to allow more
intelligent risk scoring,” says Mangiagalli.
The new authentication protocol is
designed to facilitate more background or
‘frictionless’, risk-based authentication. It
stands to reason. If merchants and issuers
have more data to recognise genuine
customer behaviour, device, location and
other established characteristics, there
is less need to ask for a password or
other credentials.
Visa already has some experience of
persuading card issuers to take a risk-
based approach to online authentication
using legacy 3D Secure. “A number of our
members have implemented risk-based
authentication for Verified by Visa, our
online customer authentication solution.
One issuer saw a 58 percent reduction in
abandonment rates post-implementation,
while fraud prevention rates remained
stable. Another experienced the same:
reduced abandonment, no increase in
fraud, and an 80 percent reduction in
in-bound calls from customers to reset
passwords,” says Mangiagalli.
According to an EMVCo press release,
the next generation 3D Secure specification
will also be enriched to support non-
payment user identification and
verification, as well as country-specific and
regulatory requirements.
THE FUTURE OF AUTHENTICATION
Authentication is changing. It is
encompassing new data sources from
biometrics and behaviometrics to social
data and online reputation. It is moving
from the use of historic data to more
current (even real-time) data, from the
static to the dynamic, from single factor
to multi-factor, and from the active to the
passive. Authentication has the potential to
become a continual background process
rather than an event or interaction with
the user. If authentication is always on, with
in-built, risk-based controls, this will offer an
improved, frictionless customer experience,
plus the possibility of new customer and
retail journeys.
If the consumer is in their car with a
wearable or mobile phone — each of
which may be a trusted authentication
device — the bank, retailer or service
provider can feel confident that they
are the genuine user. Why require step-
up authentication? Why break the flow?
Instead of the individual having to identify
themselves and prove they are genuine,
anyone who needs to know already knows
who they are. This turns authentication on
its head. It moves the authentication default
from user check-out to user check-in.
If the future of authentication relies on
bigger, better and faster data, this brings in
wider questions about data ownership and
data portability. The notion that data is owned
by the organisation holding the data (the
so-called ‘data controller’), not the individual
(the so-called ‘data subject’), is under threat.
Even if the terminology which evokes the
centralised sovereignty of data is not. The
revised Directive on Payment Services (PSD2)
makes provisions around access to payment
accounts. The EU General Data Protection
Regulation (EU GDPR) includes a section on
data portability. The move towards a more
open environment will mean opportunities
and threats for all companies handling data.
In this way, regulation will be the mother
of invention. It will act as a catalyst for
innovation and cultural change around how
we regard data, but also identity.
So, how will we identify ourselves in 20
years time? Many are predicting the death
of the password, but is this premature?
How much life is left in static passwords?
“Passwords won’t die soon. Passwords
add an authentication factor. They could
be considered complementary to other
authentication factors, especially biometry,”
says Yribarren from Safran Identity &
Security. “Passwords are still a very
efficient way to add a security layer on top
of biometry. You could access some very
secure areas on your smartphone with a
selfie as well as a password,” he concludes.
“Biometrics are one part of the answer to
replacing passwords,” agrees Lynch from
InAuth. “Another is identifying a device,
such as a smartphone, and using that
trusted token as another factor. To use the
mobile device as a trusted token, you must
assess that it is low risk, and that is where
analysis of many [device-related] factors is
important.”
Whilst biometrics, trusted devices and Big
Data authentication techniques will influence
their decline. Passwords are likely to live on
for a few more years yet as a secondary or
fallback authentication factor. Plus, different
companies are on different timelines.
Implementing new authentication methods
takes time and budget. Many companies will
adopt a phased approach and are unlikely to
migrate their entire customer base to a new
authentication method quickly. Passwords
as part of digital identity, verification and
authentication will be alive a while longer,
even for the most progressive organisations.
Digital identity itself is broad and still
evolving. Identity could well be the new
money. “Who are you? Who, who, who,
who?” It’s the who of you that banks, retailers
and consumer-facing technology companies
really want to know — and they have ways of
finding out.
www.paymentscm.com payments cards and mobile / July / August 2016 15
The move from apps to bots has been hailed as the new paradigm shift and the next big technological disruption. Messenger platforms and chat bots are being seen as the new way for businesses and users to communicate. PCM tracks the rise and possible implications of bots for banking and business.
by Joyrene Thomas
chat bots
Have you got a bot for that?
THE INCREASING USE of robots and
automation is being seen in every area
of society from robo financial advisors
to in-home care for the elderly. Attention
is now beginning to shift from apps to
bots, autonomous, artificial intelligence-
backed programmes that interact with
systems or users. These natural language
programmes allow businesses and
customers to communicate directly via
messenger chat platforms.
Thanks to integration with the user’s
contacts, messenger apps have scaled
quickly. WhatsApp has around one billion
users, Facebook Messenger 900 million
and WeChat 697 million. Consumers are
quickly adopting smart two-way messaging
apps as opposed to traditional, more
limited options such as SMS or e-mail.
Monthly usage figures show that messaging
apps continue to eclipse other forms of
social media as a conversational channel
of choice. With billions of active users
worldwide, messaging apps also far exceed
the reach of individual bank apps. The race
is now on to become the all-in-one hub for
chat, entertainment, business interactions
and payment — and to monetise this effort.
Satya Nadel la, Microsoft chief
executive, has outlined plans to put chat
bots at the centre of its future efforts.
Kik, a Canadian chat app, opened a
‘bot shop’ for apps in April . Tokyo-
based messaging app Line will launch a
smartphone call-centre using an artificial
intelligence bot later this year. In China,
Tencent-owned WeChat (or Weixin as it
is known locally) has long been a stalwart
of social networking, messaging and
e-commerce. With 697 million monthly
users, the WeChat app is ubiquitous in
Chinese social and business life as a
16 payments cards and mobile / July / August 2016 www.paymentscm.com
featurephone, messenger, gaming console and
e-commerce platform. Facebook has also
recently entered the fray when it launched
developer tools to build bots for its instant
messaging service.
ARE YOU BEING SERVED?
“Now that Messenger has scaled, we’re
developing ecosystems around it. The first
thing we are doing is exploring how you
can communicate with businesses,” said
Facebook co-founder Mark Zuckerberg at
the F8 developer conference in April.
“You probably interact with dozens of
businesses every day. But I’ve never met
anyone who likes calling a business. And
no-one wants to have to install a new app for
every service or business they interact with.”
“We think that you should be able to
message a business in the same way
you message a friend. You should get
a quick response and it should not take
your full attention like a phone call would,”
continued Zuckerberg announcing
the launch of developer tools for its
Messenger service.
This is as simple as it is insightful.
Customers measure the success of a
brand or service by how much value it
adds to their lives and how little it disrupts
them. They like facilitators of ease and
convenience. As such, there is huge
business value in making the complicated
simple. And little to no value in making the
simple complicated.
Messenger platforms have pinpointed
the customer pain point. Customers
are under-served by modern customer
service. Zuckerberg claims to have been
yet to meet the person who likes calling
a business. He has almost certainly
yet to meet the chief executive, who
has been thanked by a customer for
installing an interactive voice response
(IVR) switchboard.
“Press #1 if you are a new customer. Press
#2 if you are an existing customer. Press #3 for
balance enquiries.” “All our agents are busy at
the moment.” Almost everyone has been on
the receiving end of such customer customer
service. There has to be a better way to do this,
and the messenger providers agree.
Messaging a business in the same way
as messaging a friend is intuitive. It builds
on what customers already know or do.
It is quick and undemanding in terms of
effort or time. Customers do not have to
give it their full attention, which is a boon
for the tech-savvy, time-poor multi-tasker.
If a customer is already on the platform
or in a conversation, there is no need to
leave. The move from apps to bots is as
much a disruption in customer service as
it is in technology.
BANK BOT TRIALS
Barclays’ South African subsidiary Absa
Bank announced at the end of April that
it would pilot a chat bot, making it the first
bank to do so in Africa.
“At Absa, we are constantly seeking
new ways to be more relevant to our
customers. By aligning our user-centric
and Big Data expertise, we are able to
connect with our customers through
channel that they are actively using,” said
Yasaman Hadijbashi, chief data officer,
Barclays Africa.
The Absa chat bot will combine artificial
intelligence with machine learning. It will
get better over time as it trains itself. The
bot will answer simple customer questions
quickly, freeing up staff to focus on more
complex enquiries that require deeper
human insight. Absa can also learn what
individual customers regularly ask for,
in real-time, and make these options
easier to find.
Sberbank, the largest bank in Russia,
announced that it would be launching
Sberbank Messenger. This will allow users
to find, select and order goods and
services from business, talk with sales
representatives and receive personalised
special offers via a platform within
Sberbank Online. The service will undergo
closed beta testing in August.
Meanwhile Santander customers in
the UK can use voice banking via the
Santander SmartBank app in a similar
manner to Apple’s virtual assistant, Siri .
Basic features around card spending
are available in the first phase of the
technology roll-out. The second phase,
due for release later this year, will enable
customers to fully service their accounts,
including making payments, reporting lost
cards and setting up account alerts.
“The worlds of technology and banking
continue to evolve at pace,” said Sigga
Sigurdardottir, head of customer and
innovation, Santander. “We believe voice-
assistant technology has huge potential
to become an integral part of the future
banking experience.”
www.paymentscm.com payments cards and mobile / July / August 2016 17
featureBOT CONSIDERATIONS
Microsoft was forced to take its AI chat
bot, Tay (an acronym for ‘thinking about
you’), offline earlier this year after it made
a series of racist and sexist comments.
The tech giant claimed that users on
Twitter launched a co-ordinated attack,
which exploited a vulnerability in Tay. Aside
from hardening security to prevent brand-
damaging bot outbursts, what are some of
the considerations to bear in mind when
integrating messenger banking?
“What we learned when developing and
implementing WAY4 Messenger Banking
is that is it better to start with useful
services that will attract customers, such as
real-time customer support, P2P transfers
and exclusive offers. It is unlikely that
customers will start using a chat bot for
information about exchange rates and
branches nearby,” says Maria Vinogradova,
director of strategy and market intelligence,
OpenWay Group.
Messengers are conversational
environments where banks can interact
with customers in their own language and
in a familiar way. Vinogradova advises
banks to consider the nature and style of
the chat environment when programming
answers for the bot. “Additionally, anticipate
the most frequently asked questions to make
chatting easier. Most importantly, replicate
the simplicity of the customer experience
of messengers, otherwise users will not use
them,” she says.
“Start with useful services that will attract customers, such as real-time customer support, P2P transfers and exclusive offers.”Maria Vinogradova, director of strategy and market intelligence, OpenWay Group
As to the possible pitfalls to avoid,
Vinogradova advises seeing messenger
banking as complementary to existing
channels. “It is important to consider the
omni-channel approach. If customers use
messenger banking for P2P transfers for
example, it does not mean that they will not
use other channels, such as the bank’s mobile
app and those of other providers.” Messenger
banking should be seen as additional to, not a
replacement for, other channels.
“The messenger banking channel
demands a real-time response, so the KPIs
for the system of automated answers, and
the humans behind this, should reflect this,”
Vinogradova concludes.
CONVERSATION IS THE NEW INTERFACE
The general trend towards the use of
robots and greater automation is two-
pronged. Firstly, using automation to
standardise human processes for greater
efficiency. Secondly, humanising automated
engagement for greater personalisation.
But do consumers mind that they are
talking to a robot?
Probably not, if the bot gives them what
they want quickly and with minimum
fuss. Deployed correctly, chat bots help
fix broken customer service. They answer
customers in real-time and get better
and smarter over time. If banks heed the
learnings, so will they.
Chat bots still rely on an element of
self-service from customers. However,
customers may be more than willing to
invest time and effort, without having to
invest their full attention, in exchange for
convenience and better speed and quality
of service. Better service is only one aspect
of chat bots. The other is sales.
Social media platforms are moving
towards measuring interactions daily
rather than monthly, which speaks volumes
for their significance. In an attempt to
monetise their user bases, they are looking
to contextual or conversational commerce.
This is where consumers can transact
without leaving the moment or experience.
In a B2B context, contextual commerce
may go beyond simply payment to include
ancillary data, such as invoicing and
reconciliation data.
Messengers are a portal, a platform or
a new operating system, depending on
how you look at it. Conversation is the new
interface. Move over apps. The bots are
coming — ready or not.
“We think that you should be able to message a business in the same way you message a friend. You should get a quick response and it should not take your full attention like a phone call would.”Mark Zuckerberg, co-founder, Facebook at the F8 developer conference
LEADING SOCIAL NETWORKS WORLDWIDE BY NUMBER OF ACTIVE USERS (IN MILLIONS)
Source: Statista, April 2016
Facebook Messenger
QZone
Tumblr
Baidu Tieba
Skype
Viber
Number of active users in millions
1,590
1,000
900
853
697
640
555
400
320
300
300
249
18 payments cards and mobile / July / August 2016 www.paymentscm.com
' 'With 1.6 billion people shopping online in 2016, spending more than $2 trillion annually, and with cross-border spending expected
to hit $1 trillion by 2020, the opportunities for merchant growth have never been so significant, varied and fast. Payments, and the
role they play converting shoppers into buyers, are becoming increasingly central to these growth trajectories. Savvy merchants
know that payments are integral to a great shopping experience, and understand that payment can often be the differentiator.
Eager to capitalize on the $2.2 trillion global eCommerce opportunity, merchants need to carefully determine which growth path to
pursue, and how to tackle the specific payment challenges that each growth path entails.''
Markus Rinderer, SVP Product Line Manager, ACI Worldwide
Which way to grow? Evaluating merchant growth paths in eCommerce
ADVERTORIAL
The rules of engagement between merchant
and consumer are fundamentally changing,
becoming more digital and more open.
Shoppers purchase goods and services at
home, at work, or on the go, in lieu of
buying from physical shops. Before purchase,
shoppers learn about products through online
review sites, and afterwards they use social
media to praise or disparage them. And to
complete purchases simply and securely,
shoppers have a growing number of payment
methods and mobile wallets to choose from.
This is digital commerce, and it is the primary
driver of retail sales growth in most markets
around the world.
Digital commerce has been a growth
opportunity for retailers and brands for more
than two decades, but today’s demographic
shifts and unparalleled advances in
smartphone technology have created new
opportunities. Millennials, the generation of
digital natives who do not remember a world
without the internet, are now the largest
segment of the U.S. population and comprise
24% of the European Union’s citizens. Plus,
more people now live in cities, automobile
ownership is decreasing in developed markets,
high-speed internet connections are becoming
ubiquitous, and smartphone penetration
still rising.
The net result is that digital commerce is
growing 10% to 20% annually, while in-store
sales remain flat, or are even shrinking by
as much as 5% per year in some markets. As
a consequence, retailers are focused more
intensely on growth through digital. But not
every merchant has the same starting point,
motivation, or resources, so growth strategies
vary widely.
ACI, the Universal Payments company,
identifies five key growth paths, which together
create a framework for understanding the
opportunities that come from digital channels.
Although winning strategies are highly specific
and no two merchants should expect the
same success with the exact same approach,
evaluating common growth scenarios, and
analyzing how successful merchants have
mastered the accompanying payments
challenges, can provide fresh insights for
merchants and their payment providers alike.
Going online for the first timeMerchants expanding into digital channels encounter
many new requirements; from customer experience
and logistics to cash management. These merchants
must balance the trade-offs between time to market
and ease of enablement with control and cost.
Diversifying channelsOptimization is a seemingly endless journey for online
merchants, given that the customer experience can
always be better, conversion rates can always be
higher, and fraud can always be lower. Operational
complexities are magnified when merchants expand
into non-direct distribution channels and business
models in which enablers, intermediaries, and
aggregators alter the requirements.
Merchants and acquirers are turning to their solution providers to enable them to pursue these
growth trajectories, and the question for those solution
providers is then whether they have the tools and technology to enable their merchants to grow –
any which way they choose.
Investing in mobileMobile is currently the priority for many businesses
because nothing else is driving more commerce growth today. Principles gleaned from traditional
eCommerce extend to mobile, but merchants must adapt the customer experience and operating model
in order to thrive.
Expanding internationallyAlthough cross-border expansion is comparatively
easier in digital commerce than traditional physical
commerce, it is still challenging. Competing for foreign
consumers requires marketing and operational
adaptation catered to local shoppers. The benefits of
cross-border expansion are undeniable, however, as
only China, the U.S., and the U.K. markets represent
more than 10% of total global eCommerce.
Expanding to POSUltimately, the lines between channels are blurring,
as brick-and-mortar merchants continue to venture
online, while eCommerce merchants increasingly
open storefronts. It is challenging for these omni-
channel merchants to offer shoppers a consistent and
seamless experience because payment services are
still too often divided between online and POS.
ACI Worldwide’s new whitepaper ‘Fast-track Merchant Growth Paths in eCommerce’ explores these five
growth trajectories in detail, illustrating each path with a real-world example, and setting out best practices for
enabling merchant growth strategies: www.aciworldwide.com/merchantgrowth
Companies are faced with a two-fold problem: protecting their data from those who have access to it from the inside, and from those who exploit the human factor to access it from the outside. With the rise in remote working, cloud computing and bring-your-own-device, we examine the changes needed to address the insider threat.
by Joyrene Thomas
security
The insider threat
TO BREACH A company’s security requires
sophisticated software, huge computing
power and a crack team of coders, right?
Wrong. A company’s own staff pose a
bigger threat to its security than malicious
outsiders. Insiders are responsible for
around 43 percent of data breaches, half
of which are intentional and half accidental,
an Intel report found.
The world’s best-known data breach
was an inside job. In 2013 former CIA
employee and US government contractor
Edward Snowden leaked thousands of
classified documents revealing government
surveillance activities. US soldier Chelsea
Manning is currently serving a 35-year
prison sentence, after disclosing classified
as well as sensitive military and diplomatic
material to WikiLeaks.
National security leaks aside, a SaliPoint
survey found that 20 percent of people
would sell company passwords for cash. 25
percent of employees would be prepared to
risk both their jobs and criminal convictions
by selling company data for less than
$8,000, according to a survey by data loss
prevention firm ClearSwift.
So much for the intentional. As to the
accidental, human error is still behind the
improper disposal of company information,
misconfiguration of IT systems, and lost
and stolen assets, such as laptops and
smartphones. According to Verizon’s 2016
Data Breach Investigations Report, around a
quarter of human errors involved sensitive
information being sent to the wrong person.
.
THE HUMAN THREAT
“The ‘insider’ is a broader church than
people think,” explains Piers Wilson, head
of product management at Huntsman, a
cybersecurity firm providing defence-grade
security. “You have employees, but even
within this group there are layers. You have
the aware and unaware, the deliberate and
accidental, internal and external insiders.”
“There are people who are malicious and
try to gain access to information or steal
data. Then you have people who are doing
something they don’t see as serious, such
20 payments cards and mobile / July / August 2016 www.paymentscm.com
featureas taking a list of contacts when they leave
a job. There’s also the accidental — people
who leave data lying around or store a
file on Dropbox so they can work on it
from home.”
Another data security challenge is the
extended enterprise. Companies may have
a large contractor workforce, plus third-
party partners accessing information via a
portal or shared system. So the risk surface
posed by the insider is growing. At the same
time, it is not always possible to impose the
same level of education and awareness on
everyone an organisation deals with. Staff
awareness training may not touch a whole
group of people accessing corporate data
and systems. This adds to the risk posed by
the insider.
THE TECHNICAL THREAT
As well as the human threat, companies
also have to contend with a growing
technical threat. The change in the
way IT is delivered within the enterprise
exacerbates the insider threat. There
is more cloud computing, more bring-
your-own-device (BYOD), more shadow
IT and more mobile devices, compared
to even five years ago. The challenge
for corporate IT departments is that
consumer technology prioritises simplicity
and convenience, not necessarily security.
The consumerisation of technology
means employees may by-pass IT
department constraints. Employees may
not necessarily want to wait for their IT
department to give them access to shared
file storage or an extranet, when it is easier
to source this via cloud providers. If a small
sales team in a remote office needs a way
to track and exchange contact details, they
can easily source their own web-based
CRM system. If the company imposes a
size limit for e-mail attachments, numerous
providers allow users to send gigabyte files
via the web for free. In all three of these
examples, data is being stored outside the
corporate data centre.
The growth of mobile devices means that
employees are increasingly creating and
accessing data via their mobile phones.
When it comes to joiners and leavers,
managing privileges in a world where a
company-issued laptop or mobile phone
is not the only way to access data is
challenging. Almost a third (32 percent) of
UK respondents to a survey conducted by
Centrify believe that it would be easy for an
ex-employee to log in and access systems
or information with old passwords. This
compares to 53 percent of respondents in
the US. Half (49 percent) say ex-employees,
contractors and third parties are ‘off-
boarded’ the day they leave, yet over half
also admit that it can take up to a week or
more to remove access rights.
THE WEAPONISATION OF THE INSIDER
The overlap between the human and the
technical threat is where phishing sits.
“Phishing is not really an insider attack,
but it’s where an outsider compromises
internal staff with an e-mail or attachment
that looks genuine. Before you know it,
the attacker has used one of your insiders
to gain access to your systems and data.
Phishing is the weaponisation of the insider,”
says Wilson.
CEO scams as a form of phishing or social
engineering are on the rise. It is estimated to
have affected 12,000 businesses worldwide
at a cost of more than $2 billion in the last
two years, according to the FBI. Criminals
spoof the e-mail address of the CEO or CFO
and instruct the recipient to transfer funds
to a bank account (usually controlled by the
criminals), settle an outstanding invoice or
update supplier bank account details.
Phishing is also used as a delivery
mechanism for malicious software and
ransomware. This infects a user’s computer
as a precursor to compromising and
exfiltrating data, or rendering it un-usable
until a ransom is paid. According to Verizon’s
2016 Data Breach Investigations Report, 30
percent of phishing messages were opened,
up from 23 percent last year. Around 13
percent of those went on to open the
malicious attachment or click on the link.
Attackers exploit human weaknesses
and vulnerabilities. In a study conducted by
the University of Luxembourg, almost 50
percent of people revealed their password
in exchange for chocolate. Scientists asked
passers-by about internet security, including
questions about their password. Those who
were not given chocolate at the beginning
of the interview revealed their password 30
percent of the time. Those who were did so
44 percent of the time.
“We investigated the psychological
principle of reciprocity. When someone does
something nice for us, we automatically feel
obliged to return the favour. This principle
is universal and important for the way we
function as a society,” said Andre Melzer,
co-author of the study.
That is how social engineering works. The
attacker can be as convincing as they want
to be. And as they have got the knowledge,
skills and patience to be, if that means they
are successful in getting access to data.
COUNTERING THE INSIDER THREAT
To combat the insider threat, organisations
need to shift their focus from the perimeter
to the data itself. “Traditionally companies
have been using the metaphor of the
castle, where you defend your perimeter
with a moat or a gate — an impenetrable
outside. Once you get inside, you have
free access,” says David Gibson, vice
president, strategy and market
“You have to recognise that people are increasingly using cloud, whether it’s file storage or shadow IT. You need a way of controlling, policing or at least monitoring that kind of cloud access.”
Piers Wilson, head of product management, Huntsman
“If banks were to secure money the same way as people secure data, they would put a lot of guards on the door but the vault would be open to anyone within the bank. There would be nobody watching who was taking money in and out.”
David Gibson, vice president, strategy and market development, Varonis
www.paymentscm.com payments cards and mobile / July / August 2016 21
development, Varonis, a provider of software
solutions for protecting data.
“Over the last ten years, the frequency
of breaches has increased. A lot of them
have a couple of things in common. Firstly
that the attacker was usually someone
inside already, or got in through stealing a
valid insider’s credentials. Secondly, what
is taken is usually unstructured data, such
as files and e-mails. Protecting data from
the inside out is flipping the metaphor.
Instead of focusing from the perimeter
in, it is building concentric security rings
around the data itself,” explains Gibson.
In addition to a change in focus, user
behaviour analytics (UBA) and Big Data
techniques have helped to invert the
traditional detection problem. Baselining
normal user behaviour helps anomalous
behaviour to stand out. A company
needs to know who is accessing which
fi les . Who is creating, opening and
deleting them? Who is sending e-mails
to whom? Gibson explains that modelling
this behaviour helps flag if a user deletes
an important file or directory, changes
access rights, or modifies 500 files in a
five minute period. Similarly, it can detect
ransomware and exfiltration of files.
“Before, we were using UBA to augment
preventative controls; now we are putting
emphasis on the detective aspect. This is
important because when you talk about
getting to a least-privileged model, there
is a lot of work to do. But to turn on the
detective controls takes a couple of hours,”
concludes Gibson.
IN SUMMARY
Almost one-third of respondents to a PwC
cybercrime survey said that insider crimes
were more costly or damaging than those
committed by external adversaries. Yet
less than half had implemented a plan
to deal with insider threats. This has to
change. To do otherwise is unlikely to be
commercially sustainable over the medium
to longer term. If companies do not act
now to protect data under their own terms,
they may find the regulator steps in. Those
in Europe, trading with Europe or storing
the data of European citizens will have to
comply with the EU General Data Protection
Regulation in less than two years. The data
clock is ticking.
Data security is about just that —
securing data. Almost every company
holds data about customers, staff or
partners. Almost every company has
intellectual property, strategic documents,
operating procedures or manuals,
marketing plans and so on. If something
has commercial value to a company, it
more than likely has commercial value
outside the company. Re-visiting first
principles is beneficial as they are still
valid. What data does the company have?
Where is it? And who has access to it?
Speed is important in countering the
insider threat. Companies must be able
to respond quickly to minimise the
time-at-risk. Focus needs to move from
being retrospective to predictive, and
controls from preventative to detective
and restorative. Companies should not
underestimate the challenge of the agile
adversary. Attackers are unconstrained
by change control , organisational
processes or budget cycles. They can be
as convincing as they want to be. And as
they have got the knowledge, skills and
patience to be, if that means they are
successful in getting access to data. Once
the attacker is inside, they are an insider.
security
THE INSIDER ATTRIBUTION TRAP
What motivates people
to steal data? The
reasons are many
and various. They
range from political,
ideological, financial
or malicious motives,
to carelessness and the
accidental.
An ex-Morgan Stanley
adviser was sentenced to three
years’ probation last year and
ordered to pay $600,000 restitution
to his former employer for taking
company data. The employee in
the private wealth management
division transferred confidential data
on 730,000 customers to a private
server in his home to advance his
career.
Meanwhile a senior employee at
British supermarket chain Morrisons
was jailed for eight years in 2015 after
posting details of nearly 100,000
colleagues online. Disgruntled at
being disciplined for using the
company mail room to send out
personal packages, the employee
stole payroll data, including salaries,
national insurance numbers and
bank account details. He posted this
online and sent it to newspapers.
Computer users would trade WiFi
access for their first born child for
the duration of eternity. Six people
failed to notice the so-called ‘Herod
clause’ contained in the terms and
conditions when they signed up at a
free WiFi hotspot in London.
Understanding the motivations
behind data theft and loss may
help prevent future losses. However,
assigning attribution can be difficult
and detract from business response
and continuity efforts. It is probably
more worthwhile to focus on threat
prevention, detection and recovery
plans. After all, robust plans will be
effective irrespective of the attacker
or motive.
“Having preventative controls is the right thing to do. But detective controls are much faster to implement and will work even if your preventative controls are not in place.”David Gibson, vice president, strategy and market development, Varonis
“Too much in the past has been around identifying things retrospectively. Moving from a historical, retrospective model to something which is more real-time, immediate and on-demand is a challenge.”Piers Wilson, head of product management, Huntsman
22 payments cards and mobile / July / August 2016 www.paymentscm.com
www.paymentcardyearbooks.com
Stay one step ahead with deep industry information and a wealth of statistics from central banks, interbank companies and associations and individual banks.
2015-16 EDITION Payment Cards Statistical Yearbooks 2015-16
ORDER NOW
In order to respond to the changing and new payment industry markets, the 2015-16 edition Yearbooks have been enhanced by adding:
• More issuer information – issued brands by issuer• More acquirer information – acceptance brands
by acquirer• More on contactless cards and digital wallets• More e-/m-commerce information, e-payments
mix and statistics • More on notable mobile payments initiatives• More on basic fraud trends and statistics• Mobile merchants and MPOS terminals • Notable market trends – battlefields in the
payment industry
European Payment Cards Yearbook and Eurasian Payment Cards Yearbook 2015–16 are available as a complete volumes or as individual country profiles.
To place an order, for further details, to view full synopsis or download a sample country report visit: www.paymentcardyearbooks.com
issuing and acquiring
CHARGEBACKS HAVE BEEN part of
card scheme dispute resolution rules for
decades and reflect consumer protection
regulations in many countries. However
they are also the ultimate un-virtuous
circle where almost everyone ends up
unhappy. Some of the parties also end up
out of pocket.
A chargeback is when a card payment
is returned. This may be because the
cardholder disputes the transaction.
For example, if services have not been
provided, merchandise is not received, is
defective or not as described. Or if the
transaction is fraudulent.
THE $40 BILLION CHALLENGE
Obtaining statistics on the cost of disputed
transactions is difficult. It depends on
write-off thresholds, system capabilities
and staff costs, which vary greatly by
financial institution or merchant.
Internal research from Verifi , a
chargeback prevention firm, suggests that
disputed transactions could be costing
merchants as much as $40 billion a year in
the US. And around £25-30 billion a year in
the UK. This includes the cost of penalties,
chargeback fees levied by acquirers,
excessive refunding, loss of merchandise
and staff time. However, for every $100
in chargebacks, it is estimated that the
merchant’s fully-loaded cost is around
$308 on average. This is in addition to the
costs incurred by issuers and acquirers to
process and contest chargebacks.
THE NETWORK EFFECT
“One of the most common reasons for
chargebacks is when consumers do not
recognise transactions on their statement.
Typically they call their card issuer instead
of the merchant. The issuer may have only
limited data and one of the only options
is to charge the transaction back. This
can take anywhere from 6-8 weeks,” said
Neil Smith, regional head of sales and
partnerships, UK/EMEA, Verifi.
“We have a dispute management
solution that sits before a chargeback. We
are connected to 12,000 merchants and via
an API connection can draw on data, such
as make, model, size, IP address, device
ID and product names. The issuer can
engage real-time with the merchant via
our network to resolve the dispute before a
chargeback even occurs.”
Smith also explained how SKU-level data
may be used by merchants as compelling
evidence that the cardholder participated
in the transaction. This is particularly in the
case of so-called ‘friendly fraud’ or buyer’s
remorse, where the cardholder participates
in the transaction but later denies this.
THE FUTURE
Issuers and merchants have an
incentive to work together on disputed
transactions. This benefits them and their
common customer — the consumer — by
cutting the time, cost and complexity
of resolving disputes. This helps build
the business case for companies that
assist in preventing chargebacks from
occurring. However, the bigger question
is whether the dispute resolution
mechanism for card-based payments is
still fit-for-purpose.
Payments is becoming more real-
time with sub-second authorisations
and settlement within hours or days at
most. Yet chargeback exposure is still
measured in months. In view of the fact
that alternative payment methods, such
as some ACH payments and Alipay, do
not have chargebacks, dispute resolution
is becoming a source of competitive
difference for payment types. When
prices, margins and costs are under
pressure, stakeholders may no longer be
prepared to absorb chargeback costs as
the cost of doing business.
PCM asked the major card schemes
how they planned to ensure the dispute
resolution process continued to meet
and balance the needs of stakeholders.
MasterCard and Visa declined to comment.
THE UN-VIRTUOUS CIRCLE OF CHARGEBACKS
FRAUD MANAGEMENT IS a three-way
balancing act between minimising fraud
losses, minimising operational costs and
maximising revenue. So, have businesses
got the fraud management balance right?
A survey of 200 UK businesses
by risk management company,
CyberSource, found that while fraud
itself was under control, there was still
work to do on minimising operational
costs and maximising revenue —
in short, achieving a better balance.
When asked about their main fraud
management challenges and priorities
for the next 12 months, losing revenue
to fraud ranked fifth out of the six
challenges asked about. This shows that
UK businesses largely felt that they had
fraud losses under control. However, the
top challenge for survey respondents in
the 2016 UK E-Commerce Fraud Report
was manual review. Merchants wanted to
spend less time, effort and budget doing
manual reviews.
The number of merchants performing
manual reviews on customer orders to
detect possible fraud has decreased
from 70 percent in 2010 to 50 percent
in 2016. The average number of orders
manually reviewed is 22.5 percent. Larger
businesses typically tend to review less,
given the challenges of scaling review
cost effectively.
Irrespective of the percentage of
orders reviewed manually, the average
accept/reject rate after review should be
as close to 50:50 as possible, contends
CyberSource. A ratio exceeding this
indicates the presence of factors
that could be worked into rules to
automate decis ions . This reduces
the amount of manual review, the
associated operational costs and lost
sales due to false positives, thereby
maximising revenue.
GETTING THE FRAUD MANAGEMENT BALANCE RIGHT
24 payments cards and mobile / July / August 2016 www.paymentscm.com
THE EUROPEAN COMMISSION is proposing
to expand its anti-money-laundering rules to
cover virtual currencies and prepaid cards,
in a bid to fight terror financing and tax
evasion as revealed in the Paris attacks and
the Panama Papers disclosures.
The proposals from the Commission, the
EU’s executive arm, also seek to strengthen
oversight of bank accounts and increase
transparency about the ownership of
trusts across the bloc according to The
Wall Street Journal.
The upper limit of non-reloadable prepaid
cards would be lowered to €150 ($167) from
€250. The perpetrators of the Paris terror
attacks used prepaid cards.
Under the proposals, virtual-currency
platforms, such as Bitcoin, would be brought
under anti-money-laundering rules that
should come into effect by the end of this
year. Those platforms would also have to
verify the identity of users and monitor
transactions, as banks currently do.
“Today’s proposals will help national
authorities to track down people who hide
their finances in order to commit crimes
such as terrorism,’’ said Commission vice
president Frans Timmermans. “Member
states will be able to get and share
vital information about who really owns
companies or trusts, who is dealing in online
currencies, and who is using prepaid cards.’’
Member states would be required to
create centralised registers of information
about bank- and payment-account holders,
which national authorities could access in
case of suspicious activities. The proposals
must be agreed by the bloc’s governments
and the European Parliament.
The Commission says such registers
would aid information sharing among
European financial-intelligence units, which
analyse dubious financial transactions
after being alerted by banks.
The Commission also announced
proposals to l imit loopholes used
to evade and avoid taxes. Under
new rules, tax authorities would gain
access to national anti-money-laundering
information, including the true owners of
companies and trusts. The proposal will
have to be approved by EU governments.
The Commission also said it would look
into automatically sharing information on
the true owners of companies and trusts to
clamp down on tax evasion by hiding funds
offshore. The effort follows disclosures
of documents showing how some clients
of Panama City-based law firm Mossack
Fonseca & Co. were allegedly able to
dodge sanctions and avoid taxes.
The new plans also foresee closer
scrutiny of the activities of tax advisers
— who often promote and facilitate tax
evasion or avoidance — and boosting
protection for whistleblowers who bring
many such cases to light.
The Commission is already working
on a blacklist of non-cooperative tax
jurisdictions that do not respect the bloc’s
tax standards and could eventually be
sanctioned. The list, intended to discourage
third countries from enabling aggressive
tax-cutting strategies, will be ready in 2017,
the Commission said.
SBERBANK, THE RUSSIAN bank, has
founded a new subsidiary – SB-Telecom –
which will act as an MVNO.
The new company wil l provide
telecommunications services for
companies within the Sberbank
group, as well as for customers of
the group. The new company has not
yet received any licences from the
federal telecommunications regulator
Roskomnadzor.
SB-Telecom has total
equity of RUB 100 million.
It is owned by Sberbank
indirectly, via companies
Digital Assets and
Digital Technologies.
Sberbank is reported
to have negotiated with
several mobile operators
on the launch of MVNO
from 2015. Tele2 Russia
and MTS have been
mentioned by sources in
the market as potential
partners. Sberbank serves
127 million private persons
across the country. The
launch of the MVNO
could help the bank with
security issues related to
its own services and to
SMS-dissemination.
THERE ARE NOW more than 100 million
debit cards in circulation in the UK for the
first time. The milestone was passed in
April, the latest figures from The UK Cards
Association show.
The number of debit cards in the UK
has grown by 2.7 percent in the past year,
up from 97.6 million to 100.3 million in April
2016. The 50 million card mark was passed
in February 2001.
Meanwhile, debit card spending reached
£37.8 billion in April, up 6.8 percent from
£36.5 billion the previous year. The growth
in the number of debit cards reflects the
changing ways in which consumers make
payments and access their money.
Consumers opening new bank accounts
routinely receive debit cards as standard.
The number of ATM-only cards has been
falling substantially in recent years, while
cheque guarantee-only cards ended with
the closure of the scheme in 2011. A total
of 61.8 million debit cards now feature
contactless technology.
EC CRACK DOWN ON VIRTUAL CURRENCIES AND PREPAID
SBERBANK TO LAUNCH MVNO FOR MOBILE BANKING
UK DEBIT CARDS REACH 100 MILLION FOR FIRST TIME
issuing and acquiring
www.paymentscm.com payments cards and mobile / July / August 2016 25
mobile payments
IF YOU DON’T already bank, shop or make
mobile payments using your mobile device,
there’s a good chance that you’ll start within
the coming year.
At least, that’s what the results of the
ING International Survey on Mobile Banking
2016 tell us.
The survey asked nearly 15,000 people
in 15 countries about banking, shopping and
paying with their mobile devices.
Results show that the share of
smartphone or tablet users in Europe who
use their device for banking has swelled to
47 percent – up from 41 percent in 2015 –
with another 16 percent expected to start
within the next 12 months.
“Mobile devices seem to be everywhere,
and many people can’t live without their
smartphone,” said Ian Bright, senior
economist at ING. “People don’t only want
to use their mobile phone in their everyday
life to manage their money — many
also reckon it helps them manage their
money better.”
More than 70 percent of those who use
mobile banking in the 13 European countries
in the survey indicated that they managed
their finances better as a result of mobile
banking. Outside of Europe, the figure was
slightly higher in the US (78 percent) and in
Australia slightly lower (61 percent).
MOBILE PAYMENTS
Pure banking isn’t the only thing Europeans
are doing more of on their mobile devices.
More people are also paying by mobile,
with 40 percent in Europe saying they’ve
used an app to pay on the go in 2016, up
from 33 percent in 2015. And 56 percent of
mobile device owners say they expect they
will “certainly” or “probably” use a mobile
payment app in the next 12 months.
If this trend continues, Europe could
overtake the US, where adoption rates have
remained static in the last 12 months at 42
percent, according to the data.
Shopping by mobile device has also made
notable gains in 2016, the report reveals. A 66
percent share of people in Europe are now
shopping on their smartphone or tablet, up
from 58 percent in 2015.
The onward march of mobile is one
contributing factor to the evolution of
a ‘cashless society’. There is, however,
significant variation in growth across the
continent. While two thirds in Turkey and Italy
(66 percent) agree they use physical cash
much less than 12 months ago, far fewer
in Austria (28 percent) and Germany (31
percent) are willing to give up their notes and
coins. The UK (52 percent) and France (53
percent) hover near the European average
(53 percent) for reducing cash use.
Confidence in contactless payments
has barely increased from last year:
fewer than half (46 percent) of the people
in Europe surveyed are sure about the
security of the technology.
“The mobile revolution is not a fad,”
said Bright, who specialises in consumer
economics with ING’s eZonomics.
MOBILE BANKING AND MOBILE PAYMENTS SURGE IN EUROPE
26 payments cards and mobile / July / August 2016 www.paymentscm.com
DO YOU USE MOBILE BANKING?
Source: ING International Survey on Mobile Banking 2016ING International Survey Mobile Banking 2016
15
The question
Shopping on the go – a pleasure for all
Which of the following have you purchased in the last 12 months using a mobile device, such as a smartphone or tablet? Percent who selected one or more item categories, from a list of seven.
Shopping by mobile phone makes impressive gains The proportion of mobile device owners who are shopping by smartphone or tablet is rising at an impressive rate in many of the 15 countries surveyed for Mobile Banking 2016.
The USA, France and the Netherlands see the biggest rises year on year in the proportion of people making purchases by mobile. In the Netherlands and France in 2016, 58% of people bought at least one item by smartphone or tablet in the previous 12 months. That compares with 42% in 2015. The USA’s share rises from 58% in 2015 to 74% in 2016.
The average European rise in the proportion that shopped by mobile in the past 12 months is eight percentage points year on year.
The smallest increase in mobile shopping is in Turkey, which already has a large share which buys by mobile. Its share of mobile shoppers is only up four percentage points year on year – from 84% in 2015 to 88% in 2016.
We should note that internet polling will likely include a larger share of technology users and, by extension, mobile shoppers.
ING International Survey Mobile Banking 2016
16
The question
Which of the following have you purchased in the past 12 months using a mobile device, such as a smartphone or tablet? Percent who bought at least one item.
Shopping on the go – a pleasure for all
Cooking up a feast in Turkey? Turkey is home to the world’s largest home-delivered meal ordering platform, Yemek Sepeti. And it has many other popular mobile purchasing platforms, like Trendyol, Markafoni and Morhipo. A high share in the survey bought one or more items by mobile in the last 12 months – but respondents in Turkey also tend to be young, educated and professional.
Clothing comes top for some – but choices do vary When shopping by smartphone or tablet in the last 12 months, the most popular purchases are items of clothing, with electronics coming a relatively close second.
Games, holidays, groceries and home-delivered meals are also frequent choices.
Buying clothing by mobile is most popular in Turkey, where 63% of mobile device owners made the purchase in the last 12 months, and least in Belgium (28%) and the Czech Republic (29%).
Mobile device owners in the Czech Republic also bought the least items by mobile in the last 12 months, looking across all seven purchase categories.
Home-delivered meals are also especially popular in Turkey, after clothing and electronics.
Thirty-four percent of people in the USA bought music by mobile in the last 12 months. In the USA, music is the number-three purchase after clothing and electronics, with games and groceries less often chosen.
WHICH OF THE FOLLOWING HAVE YOU PURCHASED IN THE PAST 12 MONTHS USING A MOBILE DEVICE, SUCH AS A SMARTPHONE OR TABLET?
IT’S BEEN A busy 60 days in the world of
mobile payments with further roll-outs, new
entrants and a prominent withdrawal. PCM
rounds up the latest state of Pay.
HANDSET MANUFACTURERS GO HEAD-TO-HEAD
Apple Pay, Samsung Pay and Android Pay
have all launched in Singapore — the only
market so far where the three ‘Pays’ are
going head-to-head. Apple Pay launched
in Switzerland in early July, and is known to
be eyeing both France and Hong Kong for
further expansion. Meanwhile Samsung Pay
launched in Spain and Australia.
“The opportunity for Samsung Pay
in Spain is significant, due to the high
smartphone penetration rate and the
digitalisation of the banking sector,” said
Celstino Garcia, corporate vice president,
Samsung Spain.
Research conducted by Ipsos for
Samsung Spain found half of Spaniards
aged between 35 and 65 carry more than
two debit or credit cards in their wallets. 64
percent of consumers use credit or debit
cards for all or most of their purchases,
which rise to 71 percent among people
aged 35-44.
Microsoft belatedly entered the mobile
wallet wars with the launch of Microsoft
Wallet for devices running Windows 10
Mobile. Issuers Bank of America, People’s
United Bank, US Bank and several US credit
unions are supporting NFC contactless
payment with Microsoft Wallet.
GAME ON FOR WALMART PAY. GAME OVER FOR CURRENTC
US retailer Wal-Mart has rolled out its
mobile payment app, Walmart Pay, to
4,600 stores nationwide. The company stole
a march on its retail rivals when it began
trials of Walmart Pay in December 2015.
The payment app works on iOS or Android
devices and can be set up with any major
credit, debit, prepaid or Walmart gift card.
Wal-Mart was a member of the
Merchant Customer Exchange (MCX), a
retailer-backed mobile payments group
behind the much-delayed CurrentC app.
Designed as an alternative to the ‘Pays’
offered by consumer technology brands,
CurrentC allowed payment by various
methods controlled by the retailer. These
included private label cards, coupons,
loyalty points or direct from bank account
payments, not cash or cards.
However, following a pilot in Columbus,
Ohio, MCX confirmed that it was postponing
its nationwide roll-out of CurrentC, laying off
30 staff and shifting focus to working with
financial institutions.
“MCX has made a decision to concentrate
more heavily in the immediate term on
other aspects of our business including
working with financial institutions, such as
our partnership with Chase, to enable and
scale mobile payment solutions,” said Brian
Mooney, CEO, MCX. “As MCX has said many
times, the mobile payments space is just
beginning to take shape — it is early in a
long game. MCX’s owner-members remain
committed to our future.”
Mobile payments may be a long game,
but MCX took too long to get to market.
“They came [into the market] too late,”
according to Thad Peterson, senior analyst,
Aite Group as reported in ATM Marketplace.
“It took them almost four years to launch
a pilot and that doesn’t work in this world.
And the value proposition was never settled
on either the consumer or merchant side.”
NATIONAL MOBILE INITIATIVES
The two mobile payment schemes in
Switzerland — Paymit and Twint — are to
merge under the Twint brand. The mobile
solution will continue to be open, allowing
Swiss banks to offer their own apps. Twint
will integrate Bluetooth, QR-Code, NFC
and future technologies for P2P and P2M
payments. The five largest Swiss banks
and service provider SIX behind Paymit
will participate in the single entity Twint AG.
Jiffy, the service developed by SIA to
send and receive money in real-time from
a smartphone, is coming to stores in Italy. A
P2M pilot is underway in the cities of Milan
and Bergamo, allowing customers to pay
via app at participating retailers acquired
by UBI Banca. Other major Italian banks are
expected to offer the service in the autumn.
Jiffy has topped 350,000 registered users
since the P2P service launched in Italy in
October 2014.
Elsewhere the Thai central bank has
launched PromptPay, which allows
individuals and businesses to transfer funds
using mobile phone or citizen ID numbers
instead of bank account numbers. A Danish
banking collective (the BOKIS partnership)
will launch a new NFC mobile wallet using
HCE and tokenisation platforms powered
by Nets. MintChip, the digital cash platform
started by the Royal Canadian Mint and
acquired earlier this year by Toronto start-
up nanoPay, is now available for P2P
transfers and P2M at selected merchants.
THE STATE OF PAY
mobile payments
www.paymentscm.com payments cards and mobile / July / August 2016 27
contactless
BY CONNECTING BILLIONS of familiar
devices, the Internet of Things (IoT)
promises to improve how we live, work
and play by turning our homes, cars,
offices and cities into smart, interactive
environments.
These are still early days for the IoT, but
the transformation has already started
with goals of improved safety, comfort, and
efficiency. The home environment is one of
the first targets in this transition.
In a new whitepaper, Simplifying IoT:
Connecting, Commissioning, and Controlling
with Near Field Communication – NFC Makes
the Smart Home a Reality, the NFC Forum
examines how the smart home ecosystem
will learn from our habits and automatically
adjust devices by using information from
connected processors and sensors in
appliances, wearables and other IoT devices.
The intelligent operation of IoT devices in
the smart home will leverage cloud-based
connectivity with manufacturers, power
companies, service providers, and related
operational data from IoT devices globally to
optimise functionality and the cost-efficient
use of resources.
Consumers will be the big winners in
this ecosystem due to an improved
quality of life. To address this long-
term vision, standards organisations like the
NFC Forum, are working with developers
and manufacturers to develop a wide
range of new platforms, applications
and services.
Connectivity is the enabler, with IoT
devices seamlessly communicating not
only with each other in the home but
also beyond the walls to cloud computing
platforms. Eventually, most devices will
be interconnected to collect sensor
data or enable control of the smart
home environment.
This means that in the future, so-called
rich UI devices like PCs or mobile phones
will be outnumbered by many small
headless devices with limited or no user
interface. The whitepaper describes
how Near Field Communication (NFC)
specifications will help developers and
manufacturers bring the benefits of IoT to
where we all live, work and play.
With almost 40 billion connected devices
expected by 2020 and over one billion
NFC-enabled devices already in the
market, NFC is a natural connectivity
technology for the Internet of Things. NFC
can bring user-friendly controls to devices
that lack a traditional user interface such
as a keyboard or screen. With a single tap,
NFC is uniquely positioned to provide:
• Ease of use – where a single tap
executes a user’s intention even when
there is no device interface.
• Explicit interaction – by requiring close
proximity for connection and data
exchange.
• Read and write capability – for
interactive data exchange enabling a
protocol.
• Communication with powered down
devices – to exchange data irrespective
of a device’s power status via
embedded NFC tags.
• Low cost – a fraction of other
connectivity technologies.
• Low energy – enabling connectivity
without a large power draw.
THE INTERNET OF THINGS AND NFC
60 DANISH BANKS LAUNCH NFC MOBILE WALLET
NETS HAS BEEN selected by Danish
banking collective, the BOKIS partnership,
to launch a new NFC mobile wallet
solution powered by its HCE and
tokenisation platform.
The BOKIS partnership includes 62 banks
that form the small to mid-sized banks
segment of the Association of Local Banks,
Savings Banks and Cooperative Banks
in Denmark, together with five Danish
regional banks: Jyske Bank, Sydbank, Spar
Nord Bank, Arbejdernes Landsbank and
Nykredit Bank.
The BOKIS mobile wallet solution will be
available to all customers of participating
banks, which collectively represent a
significant proportion of Danish cardholders.
“We are excited to be the first in Denmark
to announce our plans to deliver bank-
issued mobile wallets from our members,
providing a mobile payment solution that
delivers real payment convenience to our
customers,” comments Søren Nicolaisen,
managing director, Danish Regional
Bankers Association. “End users will be
able to pay just by ‘tapping’ their phone at
the contactless point-of-sale.”
Nets’ HCE and tokenisation platform
provides Nordic banks, such as those taking
part in the BOKIS partnership, with an open
and easily integrated transaction security
capability which dramatically simplifies the
process of supporting or deploying mobile
payment solutions.
The platform is based on internationally
recognised security standards and enables
banks to quickly and easily introduce HCE
and tokenisation into their own mobile
payment solutions, reducing time-to-
market and streamlining what can be a
long and complicated process.
Hans Henrik Hoffmeyer, SVP of mobile
services area in Nets, comments:
“Historically, Nets has developed and
operated the financial infrastructure
supporting and driving the Nordic banks’
payment solutions.
We have made significant investments
on behalf of our customers in becoming a
token service provider (TSP), which enables
Nets to provide the security
services that our banking
customers need to power
their future mobile
solutions and new
mobile services.
In short, we
e n a b l e
banks to
c o n t i n u e
‘business as
usual’ in the
mobile age.”
28 payments cards and mobile / July / August 2016 www.paymentscm.com
CONTACTLESS AT THE SPEED OF LIGHT
APP CHAOS AFTER APPLE’S NEW RULING UPDATE
IN THE FUTURE, consumers may be able
to make contactless payments from any
smartphone using light instead of NFC.
OPTO is a patent-pending contactless
technology, which transmits encrypted data
via colour-encoded light signals of different
frequencies to an optical reader. OPTO uses
light from the smartphone screen, which
unlike NFC is common to all smartphones.
Payment Technologies debuted a
prototype vending machine integrating
the OPTO solution at a trade fair in May.
It will start pilots of the new technology at
selected locations in September, with a full
roll-out of the technology slated for 2017.
AT THE RECENT Apple developer
conference, Apple presented the
redesigned and refreshed App Store. At the
same time Apple changed the terms and
conditions for app developers. One change
especially stands out and will/could mean
chaos for developers and users.
The addition in point 10.6 of the terms
and conditions has already started to upset
developers and app owners in Sweden in
particular, writes Lars Aase, consultant –
mobile & digital payments and VAS, Cards
and Payments Solutions AB.
This rule was to ensure that all apps
to be released in the App Store have
a general and good user experience.
The addition now stipulates that no app
is allowed that needs another app to
work. This is a challenge for popular
Swedish apps that need Swedish mobile
BankID for login/authentication and signing
of transactions.
Examples of apps that will be affected in
line with the update include super popular
mobile money transfer app Swish with
4.4 million users who transferred €1 billion
in May alone, all Swedish banks mobile
banking apps, all major governmental and
public services apps.
It is also worth remembering that Sweden
and the Nordics are iPhone countries with a
market share of around 50 percent.
The same goes also for neighbouring
Norway with their similar mobile BankID
app, used for login at mobile banks and
other services.
There are also strong implications for
other countries. However, following the
media backlash in Sweden, Apple seems
to have given Sweden an exception from
the new ruling on no app can be dependent
on another app to work to be approved in
Apple App Store.
The exception is for Sweden only and, it is
understood, for Mobile BankID-dependent
apps only — at least for now. It will be
interesting to see what will happen in
other markets…
contactless
NFC VS IBEACON – DIGITAL RETAIL MARKETING SPEND TO DOUBLE
NEW DATA HAS found that spend on
digital retail marketing is set to increase
from $174 billion in 2015, to $362.1
billion by 2020.
The research found that
while the digital retail
marketing industry will
continue to be dominated
by advertising revenues,
coupon contributions will
see strong growth, driven
in part by the rise of Bluetooth
iBeacons.
Beacons, which find the location of a
smart device using BLE (Bluetooth Low
Energy, or Bluetooth Smart) signals, use
transmitters to push pertinent content
and information to devices which have
their Bluetooth enabled. Several leading
US retailers have now deployed beacon
networks, with Macy’s having installed
more than 4,000 in its stores.
Significant opportunity exists: forecasts
show that almost 1.6 billion coupons will be
delivered annually to consumers via
beacon technology by 2020.
This is up from just 11 million
this year, as retailers seek
to develop proximity
marketing campaigns in
and around their stores.
“Beacons are set
to provide a boost to
retailers, as we see major
players promote instore
offers and deals though mobile
devices, targeting consumers whilst they
are shopping,” explains Lauren Foye,
Juniper Research.
“Coupled with loyalty schemes and
rewards, retailers have clear potential to
monetise those setting foot in their stores,
aiding promoting in more traditional bricks
and mortar retail.”
Successful brands will be those who
capitalise on the wealth of data available
on consumer habits and interests, leading
to the implementation of targeted
advertising.
However, taking this one step further is a shift
to hyper-personalisation: where companies
effectively create bespoke, individualised
engagement across all brand offers,
thereby reinforcing the scale of customer
loyalty. A number of retailers already utilise
this method; Netflix, for example, stated
that recommendations made via hyper-
personalisation data accounted for 60
percent of its rentals in 2014.
Other key findings include:
• Over 80 percent of all coupons issued will
be on mobile devices by 2020, as opposed to
under 20 percent on PCs & laptops.
• The impact of ad blocking technologies
will see the equivalent of almost ten percent
of global digital advertising revenues
lost by 2020.
www.paymentscm.com payments cards and mobile / July / August 2016 29
e-commerce
ONE YEAR SINCE launch, Amazon has
expanded its Dash Button automated IoT
ordering service to more than 150 brands,
including beverage, grocery, baby, toy, pet
and household supplies brands.
Designed to prevent users from running
out of their favourite products, the Dash
Button is a small electronic device, which is
configured to order a specific product and
quantity via the user’s Amazon account.
The device is clearly branded with the
product name and designed to be fixed near
to where the product is used. Pressing the
button sends a Wi-Fi signal to the Amazon
Shopping app to automatically replenish
supplies. The user also receives a message
on their mobile phone and can cancel the
orders within a specific time window.
In the last three months, total Dash Button
orders have grown by 70 percent. For many
popular items, more than half the Amazon
orders are now made via Dash Buttons.
“Three months ago, we were excited to see
orders were occurring once a minute — now,
that rate has doubled,” said Daniel Rausch,
director of Amazon Dash.
It would be easy to be sceptical about
automated replenishment services. The
Internet of Things (IoT) seems to be inextricably
— and inexplicably — linked to various concepts
around the self-stocking refrigerator, when
clearly the potential is much greater.
Consumers are loyal to the brands that
add the most value and disrupt them
the least. Consumer-facing technology
brands, such as Amazon, have realised
this. They are adept in understanding
consumers as well as how to use
technology to deliver increased speed,
convenience, value and choice.
Amazon’s Dash Button saves users time
and hassle, especially for bulk orders of
oft-used supplies. They lock in loyalty to
Amazon and the participating brands.
And who is to say that the next Dash
Button will not go beyond the one brand
per Button, or be unbranded for users to
programme themselves?
ACCORDING TO EUROMONITOR’S data, Asia
Pacific continues to top the digital commerce
table in 2014 – 2015, with mobile retailing sales
reaching $200 billion, an increase of 113 percent.
In 2015, the region’s top 500 retailers
recorded total sales of $964 billion, declining
by five percent in current value terms due to
the strong dollar. However, Chinese companies
continued dominating the list, accounting for
33 percent of the ranking, according to the
13th ‘Retail Asia Top 500 Retailers Ranking’.
“Asia became the leader in online and
mobile commerce in 2013 – mobile retailing
in the region is two-and-half times larger
than that of North America, which is the
second largest market for mobile retailing,”
says Michelle Grant, head of retailing at
Euromonitor International. “It is likely that more
and more innovation in digital commerce will
come from Asia Pacific,” she added.
The ranking highlights the increasing
demand for convenience in Asia, driven
by urbanisation, smaller households and
an on-demand culture. The Philippines,
Thailand, and Vietnam were the only
countries to see all of their ranked retailers
grow in 2015.
The Retail Asia Top 500 Ranking, based
on Euromonitor International’s retailing
data, ranks the top retailers from 14 key
economies across Asia Pacific in terms of
total sales, number of outlets, sales area and
sales per square metres.
AMAZON EXPANDS DASH BUTTON ORDERING SERVICE
DIGITAL COMMERCE IN ASIA PACIFIC RECORDED 113% GROWTH IN 2015
ACCORDING TO FORRESTER Research,
US e-commerce is expected to reach $373
billion in 2016. That figure will grow to more
than $500 billion by 2020.
The study explores the drivers of online retail
sales growth in the US and the challenges the
industry faces in the years to come.
US online retail sales topped $100 billion
only in 2006, but by 2020, Forrester expects
e-commerce sales will have grown five-fold,
exceeding half a trillion dollars. Amazon is
estimated to have captured $23 billion more
in US e-commerce sales in 2015 than in 2014
(including its third-party marketplace). That
accounts for approximately 60 percent of
the total growth in US online sales in 2015,
says the report.
American online consumers stand to benefit
from shopping online with foreign merchants
because goods are less expensive, says the
report. By the same token, American online
merchants dependent on foreign shoppers
will experience a slowdown because US
goods are more expensive abroad.
Online sales grew 15.1 percent in Q1 and
accounted for 11.1 percent of retail sales
when factoring out items not normally
bought online. That is the highest
e-commerce penetration in history, as
web sales totaled $86.3 billion for the
period ended March, according to non-
adjusted estimates released by the US
Department of Commerce.
US E-COMMERCE HITS NEW RECORD OF $373 BILLION
US E-COMMERCE: 2015-2020
Year 2015 2016 2017 2018 2019 2020
Retail spend (US$ billions) $338.1 $372.5 $409.8 $448.5 $488.9 $530.6
Online buyers (millions) 185.8 189.7 193.7 197.8 202.0 206.2
Source: Forrester Research Online Retail Forecast, 2015 to 2020 (US), Q4 2015
30 payments cards and mobile / July / August 2016 www.paymentscm.com
FACEBOOK IS LAUNCHING a native store
locator where users can search for stores
around them.
This is a significant step towards
monetising its mobile platforms (i .e.
app and messenger apps) beyond
advertising and into the under-penetrated
on-demand/mobile payment space.
Given that Facebook is already testing
payments in its messenger where users
can book Uber, it comes as no surprise
that Facebook is testing a store locator so
it can strengthen its relationships with the
offline merchants by providing a robust
targeted location-based ad platform and
drive payment revenue.
Because Facebook is facing a maturing
North American market in terms of
user base and the need to exploit
alternative revenue sources beyond
social media advertising, local advertising,
e-commerce and payments are the ideal
drivers in the developed market.
Long-term implications could be expansion
of this platform to international markets,
thereby allowing Facebook to become a
more relevant player in the internet finance
space. The recent introduction of the store
locator positions the company for the
imminent O2O growth. This data is very
useful to advertisers because it allows them
to have a clear idea on how their ad budget
is driving in-store purchases and traffic.
Given that 90 percent of the retail
sales occurs in stores, this is certainly an
important tool for merchants given that
Facebook will have all the key data such as
user interest, shopping pattern and traffic
routine. The service will be rolled out in the
next few months and will address a key
barrier that many businesses have on ad
buying, making Facebook an even more
powerful ad platform for local businesses.
"The shift to mobile [usage] is the biggest
shift we are seeing in retail. In many ways,
mobile is as disruptive to e-commerce
as e-commerce was to traditional retail,
and many retailers still don’t know how
big of an impact it’s having," says Martin
Harbech, head of e-commerce and retail,
Facebook.
"The discovery of product often
happens on mobile. People
discover new content all
day, every day, on
Facebook and
Instagram and
that includes
p r o d u c t s .
Retailers need
to understand
how people
discover their
products and
why they end
up buying them."
FACEBOOK BUILDING UP ITS PAYMENT NETWORK
e-commerce
www.fime.com FIME IS YOUR TRUSTED IMPLEMENTATION PARTNER
Learn more
fime.com
> TRAIN > DESIGN > VALIDATE
One Action. A billion transactions.
Architecture& specifications
Business& strategy
Architecture& specifications
Business& strategy
REQUIREMENTSDEFINITION
Solutionselection FIME
test tools
PAYMENT SCHEMECERTIFICATION
Architecture& specifications
Business& strategy
REQUIREMENTSDEFINITION
Solutionselection FIME
test tools
PAYMENT SCHEMECERTIFICATION
HCE & CLOUD-BASEDPAYMENT
Design and validate the ecosystem with FIME
THE ENTERPRISE POINT of sale is
changing. It is becoming increasingly
mobile and payment is being integrated
together with other functionality.
One of the new breed of mobile payment
tablets is Albert, launched by AEVI in
Australia last year. AEVI, a subsidiary of
Wincor Nixdorf AG, jointly developed the
tablet with the Commonwealth Bank of
Australia and design company IDEO.
Part of the genius suite of terminals and
named after Albert Einstein, the Albert
tablet includes a card reader, receipt
printer and module to encrypt touchscreen
PIN entry. It was the first PCI-certified
touchscreen payment terminal.
PIN ON GLASS
PIN on glass, or PIN entry on a touchscreen,
has been a technical challenge within the
industry for some while. Mobile point of
sale (mPOS) solutions typically circumvent
this by pairing a mobile phone with a
hardware accessory via a physical or
wireless connection.
Consumers enter their PINs on the
mPOS hardware accessory, which
encrypts all card data to pass on to the
merchant’s mobile device. This helps to
keep the costs of card acceptance for
small merchants down. And does not
require any hardening of security on
the mass market consumer devices that
merchants may own.
PIN entry on a touchscreen has been
possible for some time, according to
Jeremy King, international director,
Payment Card Industry Security
Standards Council (PCI SSC). “However
this is PIN entry into a PTS-approved
(PIN transaction security) device, which
includes a security assessment of the
actual touchscreen, and the methods
used for translating the touchscreen into
PIN digits,” said King.
“The PCI PTS evaluation programme is a
thorough security evaluation of the point
of interaction (POI) device. This assesses
the physical security, logical security as
well as additional testing on specific items,
such as the secure read and exchange
of data (SRED), used during point to point
encryption,” continues King.
In conversation with PCM, Peter Spee,
director, platform business and business
development, AEVI explained how
Albert was approved for PIN entry on a
touchscreen.
“We have modified the Android kernels
as well as the entire Android stack to
increase its security. This includes the
handling of data, access to data storage
and networking capabilities to ensure that
whenever data is managed on the Albert
device and its hardened environment,
there is no possibility for any third party to
access the secure layer to obtain sensitive
data,” he said.
“Additionally, the hardening of the
Android device comes with monitoring
capabilities for our customers. This allows
them to ensure that the security of the
device is updated automatically in the case
of new vulnerabilities. We can also secure
the devices, disable access, networking
connectivity and so on.”
“All these things are under the umbrella
of hardening. Consumer devices do not
have this entirely. They are open and
when they connect to a WiFi access point,
this exposes them to all sorts of threats.”
ACCESSIBILITY FOR BLIND AND PARTIALLY-SIGHTED PEOPLE
How does PIN entry on a touchscreen work
for blind and partially-sighted people? A
traditional PIN pad has raised buttons and
a tactile element, usually on the middle
button ‘5’. A blind or partially-sighted
person can recognise the other digits from
this centre position.
“We have simulated this on glass. As
soon as the blind or partially-sighted
person touches the Albert when in
accessibility mode, this will be considered
the centre position. By swiping the screen
from that centre position, they can enter
their PIN,” said Spee.
This patented PIN entry method based on
swipe motions conforms to accessibility laws
in Australia and Germany. It is undergoing
accessibility testing in other markets.
ALBERT GOES GLOBAL
After a six-month pilot, the Commonwealth
Bank of Australia launched the Albert tablet
and the open-source app marketplace in
March 2015. Close to 37,000 devices have
been deployed so far.
AEVI has recently confirmed strategic
partnerships with Wirecard and Evo
Payments International to roll out Albert
terminals in Europe.
Work is underway on US roll outs.
“We are planning major activity in the
US because we believe that Albert will
only be global, if we are successful in
the US and have a marketshare there,”
concluded Spee.
NEXT GENERATION PAYMENT TABLETS LAUNCHED
pos terminals
32 payments cards and mobile / July / August 2016 www.paymentscm.com
2016MENA
5 - 7 December 2016 //The Intercontinental
Festival City, Dubai, UAE
1,000+ delegates 80+ speakers 40+ exhibitors
After nine successful years, Mobile Money & Digital Payments Global istransforming for 2016 into PayExpo MENA, bringing you even more
opportunities to network with the entire payments value chain!
A must attend event for anyone interested in making payments faster,easier and more secure, PayExpo Mena will bring the key players
together in this exciting location for the payments industry.
Find out more at www.payexpo.com/mena
To discuss sponsorship opportunities at PayExpo MENAplease email [email protected] or call +44 (0) 20 7384 7744
JOIN US IN 2016 FOR EVEN BETTER LEARNING AND NETWORKING OPPORTUNITIES!
2016 SPONSORS & PARTNERS:
Headline Sponsor: Gold Sponsor: Event Partners: Cryptocurrency Partner:Pre-Event Workshop Sponsor:
Exhibitors:
18461 PayExpo MENA Adverts_Layout 1 14/07/2016 15:40 Page 1
Learn more at bai.org
See Your Challenges with Clarity. Make Your Decisions with Confidence.
With trusted information, powerful tools, and actionable insights from BAI.
products
SANTANDER UK HAS announced that it is
experimenting with international Blockchain
payments. The lender is allowing transfers
of between £10 and £10,000 in any of
three currencies (GBP, EUR or USD) on the
Blockchain via a mobile app.
Once the app is downloaded, users
complete a profile and can make payments
via Apple Pay. Payments are confirmed
using Apple’s Touch ID and funds appear
in the recipient’s account the next
working day.
The Blockchain technology underpinning
the app is provided by Ripple, a provider of
global financial settlement technology.
Santander Innoventures, Santander’s
FinTech venture capital fund, invested an
estimated $4 million in Ripple’s Series A
funding round in October 2015.
Speaking at the time of the investment,
Mariano Belinky, managing partner,
Santander InnoVentures said: “Santander
has long been an advocate for modernising
banking infrastructure. In our recent
FinTech 2.0 report, we highlighted the
$20 billion opportunity available to the
financial services industry, and many of
the scenarios where distributed ledger
technology will have a positive impact.”
Ripple provides solutions to enable the
secure transfer of funds in any currency in
real time. Financial institutions use Ripple
and the Ripple protocol as an alternative to
correspondent banking. The decentralised,
distributed ledger allows users to post bids
or offers into aggregated global order
books, and the Ripple protocol finds the
most efficient path to match trades.
Santander is currently piloting
international Blockchain payments with
staff, with the intention of expanding the
technology at a later date.
SANTANDER STARTS BLOCKCHAIN TRANSFERS
ACI WORLDWIDE IS consolidating its
recent e-commerce acquisitions with the
launch of an SaaS-based e-commerce
payments solution.
Historically strong in the face-to-face retail
environment, ACI acquired e-commerce
fraud detection and prevention company
Retail Decisions (ReD) in 2014, and Munich-
based payment gateway PAY.ON last year.
The new SaaS solution helps merchants
expand globally by overcoming the twin
challenges of accepting locally-preferred
payment methods, and processing cross-
border payments on legacy infrastructure.
It includes plug-ins to major online
shopping carts and payment methods,
real-time fraud prevention, global
coverage and open platform technology
based on RESTful APIs.
“Because today’s consumers are
dynamic and demanding, merchants
are under ever-increasing pressure to
deliver optimal customer experience or
risk customer attrition. To succeed and
gain marketshare, merchants must make
payments a seamless part of the consumer
experience. UP eCommerce Payments
makes e-commerce simple, global and
secure,” said Mike Braatz, chief product
officer, ACI Worldwide.
AMERICAN EXPRESS HAS announced
the availability of Amex Quick Chip, a
technology that enables merchants to
provide a more seamless experience at
the point of sale for cardholders when they
pay with their EMV chip cards.
Amex Quick Chip is available to merchant
processors, which may deploy the service
to interested US merchants through a
software update to the merchants’ EMV-
enabled payment terminals. This provides
another option for merchants in industries
where having a fast check-out process is
especially important.
EMV technology reduces the risk of fraud
stemming from counterfeit payment cards by
storing information on a microprocessor chip
embedded in a card. Cardholders dip or insert
their EMV cards into a merchant’s payment
terminal instead of swiping their cards.
With Amex Quick Chip, cardholders
can dip their card during the check-
out process and remove it before the
transaction is completed. This can reduce
the time cardholders must keep their
cards inserted in the terminal, providing an
experience similar to swiping a magnetic
stripe card and enabling merchants to
streamline the checkout experience.
Importantly, Amex Quick Chip continues to
offer the same protection against counterfeit
cards that traditional chip cards do.
“Reducing friction for Card Members
and merchants is a key priority for
American Express,” said Mike Matan,
Vice President, Global Network Business,
American Express. “Amex Quick Chip
provides merchants operating in industries
where fast checkout speed is critical with
an option for ensuring cardholders can
quickly and efficiently pay for purchases
with their EMV chip cards.”
Amex Quick Chip is compatible with the
technical standards used in Quick Chip
services offered by other payment networks,
enabling processors and their merchants to
easily implement these solutions across all
card brands that they accept.
Amex Quick Chip is currently available
to processors, merchants and vendors in
the US.
ACI CONSOLIDATES ACQUISITIONS WITH E-COMMERCE LAUNCH
AMEX LAUNCHES QUICK CHIP FOR EMV CARD TRANSACTIONS AT POS
www.paymentscm.com payments cards and mobile / July / August 2016 35
Pali BhatGlobal Head of
Payment Products, Google
Dr. Injong RheeCTO & EVP of Software
& Services, Mobile Communications
Business,Samsung Electronics
Margaret KeanePresident & CEO,
Synchrony Financial
Lisa FalzoneCEO & Co-Founder,
Revel Systems
John SculleyBoard Member,Lantern Credit;
Former CEO,Apple & Pepsi
Oscar BelloPresident,
North America, Ingenico Group
Michael AbbottManaging Director,
North AmericaFinancial Services,
Accenture
Kausik RajgopalDirector,
McKinsey & Company
Thong M. NguyenPresident, Retail
Banking,Bank of America
Tom TaylorVP Fulfillment by
Amazon & Amazon Payments,Amazon
Glen RobsonEVP of Systems,
Verifone
Jack DorseyCEO & Founder,
Square
Osama BedierCEO,Poynt
Jon KaplanGlobal Sales,
Cristina CordovaHead of Business Development &
Strategic Partnerships, Stripe
Moira ForbesPresident & Publisher,
ForbesWoman
INDUSTRY-LEADING SPEAKERSHEAR FROM
Zia Daniell WigderSVP & Head of Content,
Shoptalk
10,000+ 1,000+ 500+ 3,000+ 75ATTENDEES CEOs SPEAKERS COMPANIES COUNTRIES
USE CODE PCM250 & SAVE $250 OFF THE CURRENT REGISTRATION PRICE
Visit www.money2020.com to Register Today [ ]
KEYNOTE SPEAKERS INCLUDE:
d_Money2020_Payment_Cards_Mobile.indd 1 7/18/16 10:20 AM
contracts
VOCALINK, THE BRITISH operator of the
Faster Payments service, has announced a
five-year deal with UnionPay International
to enable UnionPay cardholders to
access ATMs across Europe and the UK.
Under the deal, VocaLink will provide
ATM transaction processing and UnionPay
sponsored access.
With around 5.4 bill ion cards in
circulation, more than one-in-two (53
percent) bankcards issued globally is a
UnionPay card, according to recent Nilson
Report figures. The average value of a
UnionPay card withdrawal from a UK ATM
is five times higher than the average UK
domestic card withdrawal, VocaLink says.
The Chinese tourist market is growing
— around 117 million Chinese travelled
abroad in 2014, spending around $165
billion. Tourist numbers are forecast
to increase to 234 million by 2020,
according to the United Nations World
Tourism Organisation.
“This partnership represents a significant
milestone in our goal to increase access
to UnionPay cards internationally,” said
Wei Zhihong, general manager, UnionPay
International Europe.
PRIVATE EQUITY FIRMS Advent
International, Bain Capital and Clessidra
have acquired Setefi Services and Intesa
Sanpaolo Card from Intesa Sanpaolo for
€1,035 million.
Commenting on the announcement,
Luca Bassi, managing director, Bain
Capital Private Equity, said, “This
transaction is strategically important as
it adds Italy’s leading commercial bank
to our customer portfolio and gives us
exciting capabilities to increase services
and innovation across customers of both
ICBPI and ISP Processing.”
The transaction is expected to be
financed by a combination of debt
and equity financing arranged by the
shareholders. The deal is subject to
regulatory approval and is expected to
close but the end of 2016.
Advent International and Bain Capital
own the Nordic processing company Nets
and remain the two largest shareholders
in Worldpay.
FIME, A CERTIFICATION and testing
company, has been acquired from
Orange by independent investment
f irm Chequers Capital for an
undisclosed amount.
“FIME is operating in markets that
are experiencing major changes due
to technological developments. This is
happening in our core payments markets,
as well as in new areas of development,
such as machine to machine and Internet
of Things. To continue our sustained
growth in this context, FIME will invest in
R&D and further international expansion,”
commented Pascal Le Ray, CEO, FIME.
FIME’s management structure and
500-strong team across its seven
locations will remain unchanged.
GLOBAL BLUE, A Swiss-based tourist tax
refund company, has acquired Australian
firm Currency Select from Travelex for
A$65 million.
Currency Select was a standalone
subs id iary of the Travelex
Group, special is ing in dynamic
currency conversion (DCC), multi-
currency processing and payment
card acceptance.
The acquisition allows Global Blue to
expand its DCC offering across eight new
markets in the Asia Pacific and Middle
East regions.
ADVENT AND BAIN MAKE ITALIAN ACQUISITION
FIME ACQUIRED BY CHEQUERS CAPITAL
GLOBAL BLUE BUYS DCC FIRM CURRENCY SELECT
VOCALINK IN UNIONPAY ATM TIE-UPAMEX UPDATE US FRAUD POLICIES In an effort to promote further adoption of EMV in the US, American Express announced changes to its EMV chargeback policy to help merchants limit their fraud costs as they upgrade their POS systems. By the end of August 2016, merchants will not be held liable for chargebacks for counterfeit fraud when a transaction is under $25. In addition, by the end of 2016 American Express also plans to limit the number of counterfeit fraud chargebacks to a total of ten per card account. The card issuer – not the merchant – will bear the financial liability for any additional counterfeit fraud transaction that is disputed on a card account after ten chargebacks. This limit does not prevent a cardholder from disputing additional fraudulent transactions. “Combating fraud is an ongoing priority for American Express,” said Mike Matan, Vice President, Global Network Business, American Express. “We recognise the migration to EMV in the US is an effort that will take time, which is why we are making these policy changes in order to provide flexibility to those merchants that may need more time to upgrade their point-of-sale terminals to accept EMV chip cards.” The changes announced today by American Express will remain in effect until April 2018. The changes are expected to help reduce counterfeit fraud costs for merchants who have not yet upgraded their point-of-sale terminals to accept EMV chip cards. Analysis by American Express found that more than 40 percent of its counterfeit fraud chargebacks in the US are for transactions under $25.
www.paymentscm.com payments cards and mobile / July / August 2016 37
ACI Worldwide www.aciworldwide.com P19BAI www.bai.org P34Entrust Datacard Group www.datacard.com/pcm Cover P4FIME www.fime.com P1Money2020 www.money2020.com P36
OpenWay Group www.openwaygroup.com Cover P3PayExpo MENA www.payexpo.com/mena P33 Payment Cards Yearbooks www.paymentcardyearbooks.com P23RS2 www.rs2.com Cover P2
Ad Index July/August 2016
conferences
PayExpo Europe 2016
Nearly 2,300 delegates from 850 organisations across 52 countries attended PayExpo Europe 2016 at London’s Excel on 7-8 June, making the event 25 percent larger than last year. As well as plenary sessions, the event featured content streams dedicated to security, authentication and biometrics; the future of banking; connected commerce, and analytics, loyalty and localisation.
The conference saw the return of the Dragon’s Den. Four start-ups pitched their
business ideas to a panel of on-stage inquisitors and the audience. They included Divido
which aims to make point-of-sale instalments simple and paperless. PayKey bridges
social networks and banking via a keyboard app integrating payment functionality.
Multisense has developed a patent-pending face and finger pulse biometric platform.
And Coinsecure is connecting India to Bitcoin. The competition was won by Divido.
Elsewhere the boxing gloves were on for Payments Punch-Ups. There was fighting talk
in the ring as contestants argued about the move to a cashless society, social networks
for payments, banning non-KYC prepaid cards, among other hotly contested topics.
Forthcoming PayExpo events confirmed include:PayExpo MENA 2016, Dubai, 5-7 December 2016
PayExpo Americas 2017, Mexico City, 7-8 March 2017
PayExpo Europe 2017, London, 23-24 May 2017
NEED COPY
eCommerce 360 Europe7-8 September, Londonwww.wplgroup.com/aci/event/ecommerce-360-europe/
RegTech Summit13-14 September, Londonwww.regtech-summit.com/
Mobile Banking & Payments USA26-27 September, New Yorkopenmobilemedia.com/mobile-banking-and-payments-usa/
BAI Retail Delivery5-7 October, Chicagowww.bai.org
Money202023-26 October, Las Vegaswww.money2020.com
The Future of Nordic Banking2-3 November, Copenhagenwww.marketforce.eu.com/events/banking/nordic-banking
Cards & Payments Innovation Europe8-9 November, Madridwww.marketforce.eu.com/events/cards-payments-innovation-europe
Digital Banking Innovation Summit15-16 November, Praguewww.marketforce.eu.com/banking/payments-innovation-europe
Trustech 201629 November-1 December, Canneswww.trustech-event.com
The Future of Retail Banking29 November-1 December, Londonwww.marketforce.eu.com/banking/retail-banking
Conference diary
38 payments cards and mobile / July / August 2016 www.paymentscm.com
I OPENED A NEW ACCOUNT.
I was already excited about opening a new account, but when I visited the branch, they handed me my new debit card right there. I walked out with a
ready-to-use card — and bought myself a coffee.
What a remarkable experience.
Entrust Datacard offers a complete portfolio of hardware and software solutions to help you create these remarkable customer experiences. See how instant
issuance can enhance customer loyalty and drive new revenue.
Visit www.datacard.com/pcm to download the free white paper.
Entrust Datacard and the hexagon design are registered trademarks and/or service marks of Entrust Datacard Corporation in the United States and/or other countries. ©2016 Entrust Datacard Corporation. All rights reserved.