identity and verification in the digital age

July / August 2016 / paymentscardsandmobile.com

Identity and verification in the digital age

In this issue: CARD NOTES Brexit impact; CHAT BOTS Have you got a bot for that?; SECURITY The insider threat; ISSUING & ACQUIRING The un-virtuous circle of chargebacks




www.paymentscm.com

July | August 2016 Volume 8, Number 4

Editor-in-chief and publisher Alexander Rolfe Tel +44 1263 711 800 [email protected]

Staff Writer Joyrene Thomas Tel +44 1263 711 800 [email protected]

Contributors Lars Aase, Chris Jones, Joyrene Thomas

Head of Business Development Wendy Sanders Tel +44 1263 711 801 Fax +44 1263 456 100 [email protected]

General Manager Gemma Haywood Tel +44 1263 711 800 Fax +44 1263 456 100 [email protected]

Subscriptions and General Gemma Rolfe Tel +44 1263 711 800 Fax +44 1263 456 100 [email protected]

Address Payments Cards and Mobile The Stable, Hall Yard Kelling, Holt NR25 7EW United Kingdom

Cover, Design and Origination Adam Unsworth

Printing Micropress Printers

All rights reserved. No part of the publication may be reproduced or transmitted in any form without the publisher’s prior consent. While every care is taken to provide accurate information, the publisher cannot accept liability for errors or omissions, no matter how caused.

Payment Cards and Mobile™ is owned and published by PaymentsCM LLP. ISSN 1759-829X

© PaymentsCM LLP 2016

Editorial Advisory Board

John Berns Managing Partner, Accourt

Sylvie Boucheron-Saunier General Manager, Continental Europe, ACI

Robert Courtneidge Global Head of Cards and Payments, Locke Lord

June Felix President – Europe, Verifone

Denise Gee Director, Magna Carta

Simon Hardie Director, Magna Carta

As the summer arrives in the Northern hemisphere and everybody realises that the earth is still spinning, despite some of the horror stories around Brexit, the payments industry can pat itself on the back and take a well-earned rest.

Sorry folks, that is the opening line to a payments industry a long time ago in a galaxy far, far away. The summer may have arrived, but those of you with your finger on the pulse will have realised that there is a lot going on with no let up.

In this issue we could hardly fail to present some initial outlooks for the payments industry around Brexit, but we have kept it to a minimum! Disruption and customer service are still of paramount importance to the industry. In this issue, we cast a critical eye over the evolving market of bots for banking, giving some insight into how the future of this nascent part of the industry might look.

Similarly, fraud does not always come down to nefarious organised crime gangs. Beware the insider threat in your organisation, they may not even realise that it is their carelessness and that of their management that is causing the issue.

Finally, identification and verification has always been at the heart of banking and payments, and now, in the digital age even more so. In this in-depth feature we discover how the industry and consumers are coping with the prolific rise of newer types of authentication.

Alexander Rolfe, Editor-in-chief and publisher, Payments Cards & Mobile


contents


NEWS IN BRIEF

THE PAYMENTS WORLD IN 60 DAYS

CARD NOTES

BREXIT: IMPACTS ON UK CONSUMER PAYMENTS
Following Britain’s momentous decision to leave the European Union, thoughts inevitably turn to the potential impact on UK consumer payments.

CARD FRAUD RISES GLOBALLY
Card fraud rates are on the rise in many parts of the world despite the widespread adoption of fraud analytics solutions by financial institutions and retailers.

DATA BREACH COSTS RISING TO $4 MILLION PER INCIDENT
The average cost of a data breach for companies is around $4 million, a 29 percent increase since 2013, according to a survey by the Ponemon Institute.

VISA INC COMPLETES ACQUISITION OF VISA EUROPE
The deal is done. Visa Europe has sold its European business to Visa Inc and has ceased to be a membership association.

US RETAILERS SUE VISA OVER PIN-BASED DEBIT
Wal-Mart is suing Visa Inc for the right to choose how customers verify debit card purchases in store.

MASTERCARD FACE £19 BILLION CLAIM OVER FEES
MasterCard is facing a multi-billion pound damages claim for imposing interchange fees that were ultimately borne by UK consumers.

ISSUING AND ACQUIRING

THE UN-VIRTUOUS CIRCLE OF CHARGEBACKS
Is the card scheme dispute resolution system broken?

GETTING THE FRAUD MANAGEMENT BALANCE RIGHT
Fraud management is a three-way balancing act between minimising fraud losses, minimising operational costs and maximising revenue.

EC CRACK DOWN ON VIRTUAL CURRENCIES AND PREPAID
The European Commission is proposing to expand its anti-money-laundering rules to cover virtual currencies and prepaid cards, in a bid to fight terror financing and tax evasion as revealed in the Paris attacks and the Panama Papers disclosures.

SBERBANK TO LAUNCH MVNO FOR MOBILE BANKING
The Russian bank has founded a new subsidiary – SB-Telecom – which will act as an MVNO.

UK DEBIT CARDS REACH 100 MILLION FOR FIRST TIME
There are now more than 100 million debit cards in circulation in the UK for the first time. The milestone was passed in April, the latest figures from The UK Cards Association show.

MOBILE PAYMENTS

MOBILE BANKING AND MOBILE PAYMENTS SURGE IN EUROPE
If you don't already bank, shop or make mobile payments using your mobile device, there’s a good chance that you’ll start within the coming year.

THE STATE OF PAY
It's been a busy 60 days in the world of mobile payments with further roll-outs, new entrants and a prominent withdrawal. PCM rounds up the latest state of Pay.

COVER FEATURE

IDENTITY AND VERIFICATION IN THE DIGITAL AGE
At a time when identity theft, account takeover and fraud losses are on the rise, how does the industry up its authentication game?

FEATURE: CHAT BOTS

HAVE YOU GOT A BOT FOR THAT?
We track the rise and possible implications of bots for banking and business.

FEATURE: SECURITY

THE INSIDER THREAT
Companies are faced with a two-fold problem: protecting their data from those who have access to it from the inside, and from those who exploit the human factor to access it from the outside.


CONTACTLESS

THE INTERNET OF THINGS & NFC
By connecting billions of familiar devices, the Internet of Things (IoT) promises to improve how we live, work and play by turning our homes, cars, offices and cities into smart, interactive environments.

60 DANISH BANKS LAUNCH NFC MOBILE WALLET
Nets has been selected by Danish banking collective, the BOKIS partnership, to launch a new NFC mobile wallet solution powered by its HCE and tokenisation platform.

APP CHAOS AFTER APPLE’S NEW RULING UPDATE
Apple changes the terms and conditions for app developers, which could well cause chaos.

NFC VS IBEACON – DIGITAL RETAIL MARKETING SPEND TO DOUBLE
New data has found that spend on digital retail marketing is set to increase from $174 billion in 2015, to $362.1 billion by 2020.

CONTACTLESS AT THE SPEED OF LIGHT
In the future, consumers may be able to make contactless payments from any smartphone using light instead of NFC.

E-COMMERCE

US E-COMMERCE HITS NEW RECORD OF $373 BILLION
According to Forrester Research, US e-commerce is expected to reach $373 billion in 2016. That figure will grow to more than $500 billion by 2020.

DIGITAL COMMERCE IN ASIA PACIFIC RECORDED 113% GROWTH
According to Euromonitor's data, Asia Pacific continues to top the digital commerce table in 2014 – 2015, with mobile retailing sales reaching $200 billion, an increase of 113 percent.

AMAZON EXPANDS DASH BUTTON ORDERING SERVICE
One year since launch, Amazon has expanded its Dash Button automated IoT ordering service to more than 150 brands, including beverage, grocery, baby, toy, pet and household supplies brands.

FACEBOOK BUILDING UP ITS PAYMENT NETWORK
Facebook is launching a native store locator where users can search for stores around them.

POS TERMINALS

NEXT GENERATION PAYMENT TABLETS LAUNCHED
The enterprise point of sale is changing. It is becoming increasingly mobile and payment is being integrated together with other functionality.

PRODUCTS

SANTANDER STARTS BLOCKCHAIN TRANSFERS
Santander UK has announced that it is experimenting with international Blockchain payments.

ACI CONSOLIDATES ACQUISITIONS WITH E-COMMERCE LAUNCH
ACI Worldwide is consolidating its recent e-commerce acquisitions with the launch of a SaaS-based e-commerce payments solution.

AMEX LAUNCHES QUICK CHIP FOR EMV CARD TRANSACTIONS AT POS
American Express has announced the availability of Amex Quick Chip, a technology that enables merchants to provide a more seamless experience at the point of sale for cardholders when they pay with their EMV chip cards.

CONTRACTS

VOCALINK IN UNIONPAY ATM TIE-UP
Vocalink, the British operator of the Faster Payments service, has announced a five-year deal with UnionPay International to enable UnionPay cardholders to access ATMs across Europe and the UK.

ADVENT AND BAIN MAKE ITALIAN ACQUISITION
Private equity firms Advent International, Bain Capital and Clessidra have acquired Setefi Services and Intesa Sanpaolo Card from Intesa Sanpaolo for €1,035 million.

FIME ACQUIRED BY CHEQUERS CAPITAL
FIME, a certification and testing company, has been acquired from Orange by independent investment firm Chequers Capital for an undisclosed amount.

GLOBAL BLUE BUYS DCC FIRM CURRENCY SELECT
Global Blue, a Swiss-based tourist tax refund company, has acquired Australian firm Currency Select from Travelex for A$65 million.

AMEX UPDATE US FRAUD POLICIES
In an effort to promote further adoption of EMV in the US, American Express announced changes to its EMV chargeback policy to help merchants limit their fraud costs as they upgrade their POS systems.

CONFERENCES

PAYEXPO EUROPE 2016
Nearly 2,300 delegates from 850 organisations across 52 countries attended PayExpo Europe 2016 at London’s Excel on 7-8 June, making the event 25 percent larger than last year.


news in brief

“HELLO, WORLD.” SO BEGAN the first Tweet sent by the UK intelligence agency GCHQ in mid-May. The agency’s debut on social media was a type of computer in-joke. The words are among the first programmers learn to write in various coding languages. In an interesting turn-around for an organisation more used to listening to its customers, Andrew Pike, director of communications at GCHQ, said: “In joining social media GCHQ can use its own voice to talk directly about the important work we do in keeping Britain safe”. GCHQ has around 34,000 Twitter followers.

A GROUP OF RUSSIAN banks and financial services companies has formed a private-sector consortium focused on Blockchain applications, according to Coindesk. Payment processing firm QIWI, B&N Bank, Khanty-Mansiysk Otkritie Bank, Tinkoff Bank and MDM Bank are among those in the consortium. The group will work on proofs-of-concepts, joint research and technology standards, plus policy outreach with domestic regulators. The move comes months after QIWI hoped to create a Russian R3CEV, a reference to the 40-strong consortium focused on developing distributed ledger technology.

FRENCH AND ITALIAN POLICE and Europol have busted an international ATM skimming ring estimated to have caused more than €500,000 in losses. The criminals harvested card data by skimming ATMs across France, and created fake cards to withdraw cash from ATMs in Asia and the US. The operation resulted in multiple house searches in France and Italy. Micro cameras, card readers, magnetic stripe readers and writers, computer and mobile phone equipment, thousands of blank plastic cards as well as two handguns and five vehicles were seized. Nine people were arrested.

PINTEREST’S ‘PIN IT’ BUTTON is now available in the offline world following a partnership with Brazilian furniture retailer Tok&Stok. Shoppers with Pinterest accounts and the PinList app can save furniture items to their online pin boards when browsing in-store. The physical ‘Pin it’ buttons contain an internal circuit with a battery and low-range BLE board. Pressing the button sends a signal to the customer’s mobile, which publishes the item online.

THE FINNISH GOVERNMENT IS to pay prisoners via prepaid cards. Each card is tied to a specific IBAN number and prisoner and can be loaded by prison authorities with wage payments as well as by family members. “Offering a cashless alternative is beneficial to both our prison service and inmates as we can disburse spend on the card on a constant basis. This eliminates any issues with the safety of prisoners’ transactions but also allows economies of scale by operating a more streamlined and efficient system across our prison network,” said Eija-Riitta Nelin, project manager at the Finnish criminal sanctions agency.

THE BANK OF ENGLAND is launching its own accelerator to engage with FinTech firms on the unique challenges a central bank faces. The accelerator has already undertaken work around data anonymisation, cyber security and distributed ledger technology. Other areas of potential interest for the Bank include finding new ways to structure and analyse large datasets, machine learning around anomaly detection and pattern recognition, and protection of the Bank’s sensitive data. The move comes as the UK Financial Conduct Authority announced in May that it had opened a regulatory sandbox for firms to test innovation.

YAHOO IS TO SELL more than 3,000 patents pertaining to internet search, online advertising and cloud technology in a deal that could bring in $1 billion, according to The Wall Street Journal. Yahoo was one of the first internet search engines and had its first initial public offering in 1996. Some of the patents for sale date back to this period. The company has retained the services of an investment bank specialising in patent sales to run an auction, but did not give a reserve price for the patents it wished to sell. Yahoo is in talks with potential buyers for a sale of its core business.

MICROSOFT HAS BOUGHT THE professional networking site LinkedIn for $26.2 billion, its biggest acquisition to date and the biggest of the year so far. The purchase price works out at $60 for each of the 433 million users or $250 for each of the 105 million active users. Microsoft is hoping to monetise data about users’ career background, education and professional connections with the acquisition, as well as move more quickly into cloud computing.

SCANDINAVIAN BANK, BANK OF Åland, is issuing bio-sourced cards to support its Baltic Sea Project. The EMV payment cards are made of a corn-based plastic substitute, which is biodegradable and non-toxic if incinerated. The design on the card front is dedicated to the Baltic Sea Project, with account details and corporate logos appearing on the reverse. Since the 1990s, the bank has offered a savings account which donates 0.2 percent of deposits from its own funds for environmental activities. The Åland Islands are an archipelago in the Baltic Sea and the smallest region of Finland.

THE NUMBER OF MOBILE subscribers in Asia Pacific reached 2.5 billion in 2015 and will grow to 3.1 billion by 2020, according to the GSMA. China, India, Indonesia and Japan accounted for more than three-quarters of subscribers in the region. India is expected to add nearly 250 million new subscribers by 2020, but smaller countries, such as Bangladesh, Indonesia, Myanmar and Pakistan, will also make major contributions.

SINCE OPENING A NEW YORK office last year, international payments platform, Currency Cloud, has processed $500 million in the US during the first half of 2016. The firm works with more than 125 platform customers, including crowdfunders and challenger banks, and 150,000 end-customers. Currency Cloud processes over $10 billion payments a year, across more than 40 currencies in 212 countries, and is regulated as an e-money business by the UK Financial Conduct Authority. Launched in January 2012, Currency Cloud had raised $36 million in funding as of June 2015.

A THANK YOU COSTS NOTHING, or so the saying goes. But Citigroup and AT&T are at legal loggerheads over the term. Citi runs a card loyalty programme based on the ‘thankyou’ brand in which AT&T was a partner. However the bank has filed a complaint at the US District Court saying that the telephone company’s use of ‘thanks’ and ‘AT&T thanks’ in its own loyalty scheme infringes its trademark rights to the phrase ‘thankyou’. Citi claims that AT&T’s use of the trademarks is likely to cause customer confusion. AT&T plans to defend the lawsuit, a spokesman confirmed.

THE CO-FOUNDERS OF LIBERTY Reserve, a Costa Rican-based digital currency service, have been sentenced to 30 years in prison between them for money laundering and operating an unlicensed money transmitting business. Arthur Budovsky was sentenced to 20 years for conspiring to commit money laundering. His former business partner, Vladimir Kats, was sentenced to 10 years for money laundering and operating an unlicensed money transmitting business. Liberty Reserve was incorporated in Costa Rica in 2006 and described itself as being the internet’s “oldest, safest and most popular payment processor”. It allowed users to open accounts and transfer money, providing only their name, date of birth and an e-mail address. Liberty Reserve did not require users to validate their identities and users routinely established accounts under false names. A federal agent investigating Liberty Reserve was able to set up an undercover account in the name of “Joe Bogus” with an address of “123 Fake Main Street” in a city named “Completely Made Up City, New York”, according to court papers.


card notes UK

BREXIT: IMPACTS ON UK CONSUMER PAYMENTS

Following Britain’s momentous decision to leave the European Union, thoughts must inevitably turn to the potential impact on UK consumer payments. Chris Jones, director, PSE Consulting, provides some early thoughts on how the UK market may be affected.

FIRST, LET US look at how the two Payment Services Directives may be approached by the UK government. Will the PSD1 remain on the statute book, and the PSD2 implemented as planned? The answer at this stage is probably. Many aspects of European legislation related to consumer protection are likely to remain because they did not fundamentally change existing UK rights. The UK government’s approach to account access is generally more progressive than that embodied in the PSD2, so this will probably be superseded by UK Open Data Initiative.

The biggest change will be in the area of licensing and passporting. The FCA has established a good reputation with innovative European payments businesses for its regulatory regime. These eMoney and Payment Institutions will probably have to move their headquarters to other European markets, and the UK will be poorer for it both commercially and from an innovations perspective. Changing the approach to passporting will affect the UK’s cross-border acquirers the most. Many UK acquirers rely on passporting FCA regulatory licences to support their local acquiring offers across the EU. Unless they already have licences in other EU markets, acquirers will need to seek new EU regulatory approval to operate across the continent, and to sign new merchant contracts.

Second, interchange regulation. The UK CMA has always taken a close interest in the payments market, and many issuers expected interchange to decline in the medium-term. It therefore seems unlikely that credit interchange will suddenly return to its previous levels. It may be that debit migrates back to the historical fixed price approach. This is particularly important within the context of the announced move to a basic 0.2 percent (removing the 50p cap and 1p fee) expected for Visa Debit in September. We can therefore expect modest change in the interchange arena.

How may the international card schemes react? Both have substantial presence in the UK, particularly Visa. It seems likely that Visa Inc. will increase its presence in continental Europe as part of a wider restructure as other roles are migrated to the US. MasterCard may also shift its emphasis to Waterloo away from Canary Wharf. Both schemes will need to adapt their licensing approaches, but these are already flexible enough to accommodate the inclusion of non-EU markets. Such moves by the card schemes may be to the detriment of London and the UK, but the impact will probably be modest.

The impact on data processing and data security remains unclear. Will the UK be treated as an off-shore location for card and payment processing? This will be a matter for the lawyers to resolve, but it could affect Visa’s UK processing hub, or MasterCard’s rumoured purchase of VocaLink. New payments processors arriving in Europe from the US or Asia are also much less likely to locate their business in the UK.

Will there be a substantial change in the structure of issuers and acquirers of consumer payments (either cards, credit transfers or direct debits)? We have already highlighted the impact on cross-border acquiring, and both regulators and schemes will need to adapt accordingly. On the issuing side markets are unlikely to change their activities as they are either domestically focused, or already manage operations both inside and outside the EU.

Will consumer spend day to day be affected? Again, probably not. Consumers in the UK do not use SEPA Direct Debits or SEPA Credit Transfers domestically. They will continue their preference for cards in store, and online. The growth in online payments will continue, alongside the growth in contactless in-store. Similarly it seems unlikely that there will be a substantial change in the merchant landscape. The UK will remain a vibrant market where retailers online and offline will fight for consumer spend. It seems less likely that an exit from the EU will impact this to any great degree.

There may be some potential downsides particularly in the area of acquiring and processing. Will there be any upsides? At this stage it is a struggle to see any, which is a great disappointment. Perhaps benefits will emerge from the current maelstrom by 2017.

So, in conclusion, impacts on the UK consumer retail payments market will most probably be concentrated in areas such as licensing, cross-border acquiring and processing. However, in the long-term there is optimism that the UK consumer payments market is likely to remain innovative and forward-looking and overcome these issues.

CURRENT TOTAL CARD FRAUD RATED BY COUNTRY

CARD FRAUD RATES are on the rise in many

parts of the world despite the widespread

adoption of fraud analytics solutions by financial

institutions and retailers, along with EMV in most

countries, according to a new global from ACI

Worldwide and Aite Group.

The report 2016 Global Consumer Card

Fraud – Where Card Fraud Is Coming From

surveyed over 6,000 consumers across 20

countries. It reveals nearly 30 percent of global

consumers have experienced card fraud in

the past five years, classified as unauthorised

activity on three types of payment cards (debit,

credit and prepaid). 17 percent of respondents

experienced more than one incident of fraud,

compared to 13 percent in 2014.

The report warns that fraudsters

worldwide are getting more sophisticated.

It states that “the underground economy

for user information has matured so

much as to be indistinguishable from a

legitimate economy.”

Widespread risky behaviours, such as leaving

a smartphone unlocked when not in use, are

another reason for rising fraud rates. According

to the report, the overall risk for fraud is rising

due to the global increase in smartphone and

tablet usage. So-called application fraud is

equally on the rise due to consumers publishing

increasing amounts of private data on social

media platforms.

“Our latest report shows that card fraud

remains an issue of deep concern for

consumers worldwide. As fraudsters are getting

more organised, it is fair to say that, at this

point in time, the assumption should be made

that almost all users’ credentials and card

information has been compromised,” says

Andreas Suma, global lead fraud and data, ACI

Worldwide.

“It is also no surprise that there is a direct

correlation between fraud rates and consumer

trust and loyalty. As our data illustrates, for

financial institutions it is more critical than

ever to implement effective fraud prevention

solutions.”

COUNTRIES WITH THE HIGHEST PERCENTAGE OF CARD FRAUD

• In 2016, Mexico leads the way at 56

percent, followed by Brazil at 49 percent

and the US at 47 percent (In 2014, the

UAE, China, India and the US topped the list).

• The US is the only country to remain

in the top three list both years, due in

part to being a laggard in the roll-out

of EMV chip cards, so skimming and

data breaches continue to be

security challenges.

• European countries experience less card

fraud than countries in the Americas,

mainly due to earlier adoption of EMV

and other security advances; fraud

rates for the UK were 29 percent, Italy 27

percent and Germany 18 percent.

RISKY CONSUMER BEHAVIOUR

The report also reveals that risky consumer

behaviour is still widespread despite years

of education by financial institutions and

card issuers. It is surprisingly high in Europe

although fraud rates in these countries are

often among the lowest worldwide.

• 54 percent of global consumers exhibit

at least one risky behaviour (such as

keeping one’s PIN with the card) which

puts them at higher risk of financial fraud,

compared to 50 percent in 2014.

• 25 percent of French, 29 percent of Spanish

and 21 percent of Dutch respondents said

they had left their smartphone unlocked in

the last five years when not using it.

• 20 percent of Spanish and 18 percent

of Italian consumers have used online

banking or shopping without security

software on a public computer.

• 19 percent of Italian respondents admitted

they had made a note of their PIN and

carried it with them or kept it with their card.

“The data demonstrates that while consumer

trust is improving, financial institutions must

be proactive in their efforts to prevent card

fraud in order to retain customers,” said Ben

Knieff, senior research analyst, Aite Group.

“Consumer education and customer service

remain a challenge for financial institutions,

as risky behavior has a direct correlation to

experiencing fraud.”

CARD FRAUD RISES GLOBALLY

[Chart: card fraud by country for 2016 (n=5,861), 2014 (n=5,174) and 2012 (n=4,813), on a 0% to 60% scale. Countries shown: Dubai (UAE), Italy, Spain, Indonesia, Thailand, New Zealand, Germany, Sweden, The Netherlands, Hungary, Mexico, Brazil, United States, Australia, India, Singapore, Canada, South Africa, France, United Kingdom.]


Source: ACI 2016 Global Consumer Card Fraud


DATA BREACH COSTS RISING TO $4 MILLION PER INCIDENT

The average cost of a data breach for companies is around $4 million, a 29 percent increase since 2013, according to a survey by the Ponemon Institute. Companies lose around $158 per compromised record, with those in regulated industries such as healthcare reaching $355 per record. This represents a $100 increase on 2013 figures for each compromised record.

CYBERSECURITY INCIDENTS CONTINUE

to grow in both number and sophistication.

64 percent more incidents were reported

last year compared to 2014. However,

companies can reduce the total cost

of a data breach by having an incident

response plan and team in place.

SLOW RESPONSE AND LACK OF PLANNING COSTS COMPANIES

The survey conducted with around 400

companies worldwide found that the post-

breach response and regulatory mandates

can account for up to 60 percent of

breach costs. These costs are high in part

because around 70 percent of US security

executives reported not having an incident

response plan in place.

Proactively securing the services of

specialist data forensics, communications

and legal advisors in advance of a breach

may pay dividends. It may be possible

to agree more favourable terms by

negotiating ahead of time, rather than

in the immediate aftermath of a breach.

Regularly working through a series of

simulated crisis exercises can also help to

improve the efficiency and effectiveness of

the response team, and hone the incident

response plan.

While the survey found that the incident

response team was one of the biggest

costs of a data breach, it was also

the single biggest factor associated with

reducing breach costs. Leveraging such a

team could save companies as much as

$400,000 per incident, or $16 per record.

The study found that the longer it took

to detect and contain a data breach,

the more costly it became to resolve.

Breaches identified in less than 100

days cost companies an average of

$3.23 million, whereas the costs spiralled

to $4.38 million on average for those

identified after 100 days.

THE COST OF DOING BUSINESS

“Over the many years studying the data

breach experience of more than 2,000

organisations in every industry, we see

that data breaches are now a consistent

‘cost of doing business’ in the cybercrime

era,” said Dr Larry Ponemon. “The

evidence shows that this is a permanent

cost organisations need to be prepared

to deal with and incorporate in their data

protection strategies.”

Companies have historically considered

business continuity and succession

planning risks. However, they now

need to consider the fully-loaded costs

of a data breach and mitigate them

accordingly. These include lost staff

time and productivity, lost financial

revenues as a result of being unable

to trade or operate, and loss of

brand value, reputation, trust and

commercial contracts.

PER CAPITA COST OF A DATA BREACH BY COUNTRY SAMPLE FOR THREE ROOT CAUSES

[Chart: per capita cost of a data breach for three root causes (malicious or criminal attack, systems glitch, human error), on a $0 to $700 scale. Countries shown: US (64), Germany (33), Canada (24), France (30), Italy (24), UK (41), Japan (27), UAE & Saudi Arabia (25), Australia (26), South Africa (19), Brazil (33), India (37).]

Source: 2016 Cost of Data Breach Study: Global Analysis, Ponemon Institute


THE DEAL IS done. Visa Europe has sold

its European business to Visa Inc and has

ceased to be a membership association.

After amending the earn-out portion

of the deal to appease the European

Commission, and splitting the organisation

between scheme and processing, the sale

went through on 21 June.

The combined, global company now

provides digital payment products,

services and processing to about 17,100

financial institution clients and partners,

more than 40 million merchant outlets

and three billion Visa accounts worldwide.

Visa-branded cards and products enable

approximately $6.8 trillion in global

payments volume annually.

Clients have received confirmation of

their share in the sale proceeds. Staff

received bonuses in the June pay packet

of £10,000 to £20,000, depending

on seniority.

Visa Europe and Visa Inc formally split

in 2008 when five out of six Visa regions

floated on the New York stock exchange as

Visa Inc. Visa Europe elected to maintain its

independent status as a membership

association owned and governed by its

more than 4,500 members.

Preparations for the sale have been

in the making for at least two-and-a-half

years. Visa Europe cut several hundred

jobs in 2014, scaled back the use of

contract staff, closed the final salary

pension scheme and sub-let more space

in its London headquarters. The future for

employees based in Europe, the UK-based

data centre and current headquarters

looks uncertain.

VISA INC COMPLETES ACQUISITION OF VISA EUROPE

WAL-MART IS SUING Visa Inc for the

right to choose how customers verify

debit card purchases in store, according to

Wall Street Journal reports.

In the lawsuit, Wal-Mart claims that

Visa has prohibited it from requiring PINs

only, forcing it to accept signature-verified

transactions. Signatures are easier to

forge and may be less secure than PIN-

verified sales. Signature-verified debit

card transactions are also generally more

expensive for retailers to accept than PIN-

verified transactions.

Supermarket chain Kroger is also

suing Visa over the requirement to

allow customers to sign for debit card

transactions. Kroger operates more than

2,700 stores in 35 states under a number of

brands, including Ralph’s, Harris Teeter and

Fred Meyer.

Kroger said Visa levied fines of $7 million

against it after it did not configure its

terminals to accept signature. Kroger also

said Visa told them that it would raise the

fees it charges to process debit transactions

and threatened to cut off all Visa debit

card acceptance.

A spokeswoman for Visa said the

company was reviewing the lawsuit and

would respond “in due course.”

Meanwhile Wal-Mart in Canada is to stop

accepting Visa cards due to what the

retailer described as “unacceptably high”

fees. Whilst specific payment terms were

not disclosed, Wal-Mart claimed that it still

hoped to reach an agreement with Visa.

Stores in Ontario will be the first to stop

accepting Visa, before the change is rolled

out to 370 stores nationwide.

MASTERCARD IS FACING a multi-billion

pound damages claim for imposing

interchange fees that were ultimately

borne by UK consumers.

The claim, which could reach £19 billion,

would be the biggest in UK legal history. It

is to be one of the first to be filed under the

Consumer Rights Act 2015.

The Act enables a collective damages

claim to be brought on behalf of a class of

people who have suffered loss. Claims can

be brought on an opt-out basis, meaning

claimants do not have to be recruited.

In 2014, MasterCard was found to have

infringed EU law by imposing interchange

fees on cross-border card transactions.

The claim is being championed by Walter

Merricks, a qualified lawyer and former

chief financial services ombudsman. “The

prices of everything we all bought from

1992 to 2008 were higher than they should

have been as a result of the unlawful

conduct of MasterCard,” said Merricks.

“My aim is to get the redress to which UK

consumers are entitled and to ensure that

MasterCard cannot hold on to the illegal

profits it made.”

A spokesperson for MasterCard said:

“MasterCard firmly disagrees with the basis

of this legal claim. Electronic payments

deliver real value to people online, in-store

and everywhere.”

US RETAILERS SUE VISA OVER PIN-BASED DEBIT

MASTERCARD FACE £19 BILLION CLAIM OVER FEES


Identification and verification (ID&V) has always been at the heart of banking and payments, particularly in the digital age. After all, “on the internet, nobody knows you’re a dog” read the caption of the now-famous New Yorker cartoon. At a time when identity theft, account takeover and fraud losses are on the rise, how does the industry up its authentication game?

by Joyrene Thomas

cover story

Identity and verification in the digital age

THE WORDS TO the theme tune of the

popular US TV crime drama CSI: Crime

Scene Investigation begin: “Who are you?

Who, who, who, who? I really want to know.”

For a show with identity at the core of every

episode, whether it is the identity of the

victim or the killer, the lyrics are entirely

appropriate. Fittingly the band that originally

recorded the song was called The Who.

Identity is the who of you. It is defined

as the state of having unique identifying

characteristics. It can also be the individual

characteristics by which a person or thing

is recognised. Verification is authenticating

that the person attempting to gain

physical or logical access is the same as

originally enrolled.

STATE OF THE NATION

Changing shopping habits, lifestyles

and technology are putting pressure

on traditional static, knowledge-based

authentication methods. According to the

Centre for Retail Research, online sales

in Europe (France, Germany, Italy, the

Netherlands, Poland, Spain, Sweden and

the UK) are expected to grow 16.7 percent

in 2016. Online sales in the US are forecast

to grow by 14.4 percent. As fraudulent

activity tends to follow transaction volume,

e-commerce fraud is also growing.

Fraud growth may inhibit consumer

spending online, but a poor customer

experience, especially on mobile devices,

acts as a bigger deterrent. More than half

of UK smartphone owners (55 percent)

have abandoned a mobile transaction,

according to computer vision firm Jumio. A

2015 study found that customer concerns

about usability made up the top three

reasons for abandonment. Customers

were deterred by slow loading times

(32 percent), the payment process being

too complicated (27 percent) and by

difficulty navigating the checkout process

(26 percent).

Digital identity is currently fragmented.

Consumers typically have multiple accounts

across the different entities with which they

interact. This includes banks, government

agencies, utility companies, mobile and

other subscription services. Consumers

are suffering password fatigue. Entering a

password may be difficult using the small

keyboard and screen on a mobile device.

Remembering one is more difficult still, as

the average person has around 90 online

accounts, according to password

management company Dashlane.

At the same time, consumer expectations

around convenience and experience have

been reset by global technology brands.

Ordering a taxi by Uber, buying via Amazon

one-click or iTunes is the new benchmark

for speed, convenience and service. In

the quest for greater convenience, newer

authentication methods are increasingly

coming to the fore.

BODY OF EVIDENCE

Biometrics involves using measurable

physical characteristics as a way of

establishing or verifying identity. Examples

include fingerprints, facial, voice or iris

recognition, eye prints and heartbeat. The

use of biometrics in financial services is

on the rise.

Absa Bank was the first to trial new Visa

EMV chip-based biometric specifications.

The South African bank piloted fingerprint

validation at chip ATMs. Cardholders used

fingerprint readers to complete ATM

transactions, instead of entering a PIN.

Meanwhile MasterCard is expanding tests

of a smartphone app that uses fingerprint

and facial recognition to verify online

purchases. Worldpay has tested FingoPay,

a finger vein scanning technology, in

its staff canteen. Employees linked their

biometric data to a payment card to make

point-of-sale payments with their finger.

According to Guillaume Yribarren, vice

president, marketing, digital security and

authentication, Safran Identity & Security,

the use of biometrics tends to depend on

geography. “If you consider developing

markets, they are ahead in terms of

biometric usage. Their governments

consider biometry a cheap and convenient

way to identify citizens. In more developed

markets, there are concerns around

user acceptance of biometry and the

associations with the police, criminal justice

system and Big Brother,” he says.

This raises an interesting point about the

role of the state in championing biometrics;

funding the technology and logistics of

mass enrolment; building the ecosystem for

further biometric use cases, and partnering

to realise this. To what extent is it the role

of the state — and only that of the state —

to undertake these activities? Could the

catalyst for change come from individuals,

the commercial or public sector?

Building the business case for identity

has traditionally been more difficult than

for payments. But, like payments, identity is

a two-sided market. A critical mass on both

sides — individuals and identity verifiers

— is needed. Banks have an opportunity

to leverage their status as trusted

intermediaries in financial transactions to

become trusted identity authenticators.

Standardisation and interoperability is

naturally both a barrier and an opportunity

in this regard. 83 percent of respondents

to a 2015 Mobey Forum survey saw an

open biometric interface as a major

opportunity. This would allow banks to

retain control over the authentication data.

58 percent of respondents thought it would

be beneficial to collaborate to create a

common interface, allowing one type

of authentication for multiple services.

Although 32 percent preferred to keep

ownership of their identification services for

differentiation and competitive advantage.

Although only around one-in-five respondents to a 2015 Mobey Forum survey was using biometrics, 43 percent expressed an appetite to launch such services within the next year.

MASS BIOMETRIC PROGRAMMES

The Indian government is undertaking the world’s largest citizen enrolment programme, known as Aadhaar (‘foundation’ in Hindi). Demographic and biometric data is collected from residents, who are issued with a unique 12-digit number. Up to 1.2 billion people are expected to be registered on the central database, one sixth of the world’s population.

The Aadhaar number enables residents to identify themselves for government services, such as social welfare, medical care and passports. It can also be used for electronic know-your-customer (e-KYC) across multiple banks. In a drive to enable all Indians to have access to financial services, the government opened around 175 million bank accounts last year under the Pradhan Mantri Jan-Dhan Yojana (PMJDY) scheme, according to the Financial Times.

In Nigeria, the bank verification number programme launched by the Central Bank of Nigeria uses biometric identification from a single central repository for stronger KYC across multiple Nigerian banks. This fingerprint and facial recognition data has in turn been used in a corruption crack-down of Nigerian public servants. According to figures released by German biometrics firm, DERMALOG, almost 7.5 percent of public servants audited did not exist or were receiving their salary unlawfully.

In Pakistan, the mandatory biometric registration programme for SIM ownership is being leveraged to promote the growth of branchless banking. Banks in Brazil are also using biometrics to prevent fraudulent account opening and facilitate card-less cash withdrawals at ATMs.

Meanwhile acceptance of biometry

among users is changing as it becomes

more widespread. “One service provider

educating the world is Apple with TouchID,”

comments Yribarren. “It’s now very quick

and easy to unlock your iPhone with your

finger or thumb print compared to previous

passwords.” Fitting consumer smartphones

with the ability to capture biometrics also

transfers the hardware costs of biometric

enrolment to the consumer in the price

of the phone. However, why not go a step

further and use the phone itself as a type

of biometric?

YOU ARE YOUR PHONE

People are using their smartphones for

an average of five hours a day — about

a third of the time they are awake — and

check them about 85 times a day, research

from Nottingham Trent University suggests.

This supports the you-are-your-phone

argument. Or that mobile phones provide

a rich seam of personal and personalised

data to be analysed, at the very least.

Mike Lynch, chief strategy officer

at InAuth, a risk management and

authentication vendor, agrees. “With

the advancements in mobile devices

themselves, there is the technical capability

to analyse mobile devices for thousands of

attributes, such as build information, media

details, usage, application and location

data,” he explains.

Analysing multiple sources of location

data ensures that they are consistent with

one another. Behaviour data can also tell

the difference between a human and

a bot or scripted session. Access at an

unusual time of day can be an indicator of

risk. The frequency of access could point

to a possible brute force attack, where a

fraudster repeatedly tests credentials to try

and gain access to the device.

“Accelerometer data can yield interesting

results. Is this device moving or always

stationary? Is it always plugged in? Some

of these characteristics, when combined

with other factors, can indicate a fraudster,”

continues Lynch. Similarly any sudden

changes in categories of data could

indicate possible account takeover and

the impersonation of a true customer.

“There are really many combinations of

elements that can indicate increased risk.

Then, a company can make a risk decision

and choose to challenge or deny that user,”

says Lynch.
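The signals described above (agreement between location sources, time of access, frequency of attempts, motion and charging state, sudden changes in device attributes) can be combined into an allow, challenge or deny decision. The Python below is an added example, not InAuth's or the magazine's code; the field names, weights and thresholds are assumptions, and the sessions are constructed.

```python
import math
from datetime import datetime, timezone

# Weights and thresholds are illustrative assumptions, not vendor values.
WEIGHTS = {"location_mismatch": 30, "unusual_hour": 15, "rapid_failures": 40,
           "device_changed": 25, "static_plugged_in": 15}
MAX_GPS_IP_KM = 500      # GPS fix and IP geolocation should roughly agree
FAILURE_WINDOW_S = 300   # look-back window for failed attempts
FAILURE_LIMIT = 5        # failures inside the window that suggest brute force
CHALLENGE_AT, DENY_AT = 30, 70


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def score_session(session, profile, failed_attempts=()):
    """Return (score, reasons) for one access attempt against a customer profile."""
    reasons = []
    # Two independent location sources should be consistent with one another.
    if haversine_km(session["gps"], session["ip_geo"]) > MAX_GPS_IP_KM:
        reasons.append("location_mismatch")
    # Access outside the hours this customer normally uses the service.
    hour = datetime.fromtimestamp(session["ts"], tz=timezone.utc).hour
    if hour not in profile["usual_hours"]:
        reasons.append("unusual_hour")
    # Many failed attempts shortly before this one point to credential testing.
    recent = [t for t in failed_attempts
              if 0 <= session["ts"] - t <= FAILURE_WINDOW_S]
    if len(recent) >= FAILURE_LIMIT:
        reasons.append("rapid_failures")
    # A sudden change in several device attributes at once.
    changed = [k for k, v in profile["device"].items()
               if session["device"].get(k) != v]
    if len(changed) >= 2:
        reasons.append("device_changed")
    # A device that never moves and is always on charge is weak evidence alone,
    # so it only counts when another signal has already fired.
    if reasons and session["accel_variance"] < 0.01 and session["plugged_in"]:
        reasons.append("static_plugged_in")
    return sum(WEIGHTS[r] for r in reasons), reasons


def decide(score):
    """Map a risk score to the action taken on the session."""
    if score >= DENY_AT:
        return "deny"
    return "challenge" if score >= CHALLENGE_AT else "allow"


# --- Constructed sample data (not real customers or devices) ---
def _ts(hour, minute=0):
    return datetime(2016, 7, 1, hour, minute, tzinfo=timezone.utc).timestamp()


LONDON, READING, SINGAPORE = (51.5074, -0.1278), (51.4543, -0.9781), (1.3521, 103.8198)
PROFILE = {"usual_hours": set(range(7, 23)),
           "device": {"build": "A1", "os": "9.3", "timezone": "Europe/London"}}
GENUINE = {"ts": _ts(19, 30), "gps": LONDON, "ip_geo": READING,
           "device": dict(PROFILE["device"]),
           "accel_variance": 0.8, "plugged_in": False}
DOCKED = dict(GENUINE, accel_variance=0.0, plugged_in=True)   # phone on a desk charger
MISMATCHED = dict(GENUINE, ip_geo=SINGAPORE)                  # GPS and IP disagree
SCRIPTED = {"ts": _ts(3, 10), "gps": LONDON, "ip_geo": SINGAPORE,
            "device": {"build": "X9", "os": "4.4", "timezone": "Europe/London"},
            "accel_variance": 0.0, "plugged_in": True}
SCRIPTED_FAILURES = [SCRIPTED["ts"] - 20 * i for i in range(1, 7)]

if __name__ == "__main__":
    cases = (("genuine", GENUINE, ()), ("docked", DOCKED, ()),
             ("mismatched", MISMATCHED, ()),
             ("scripted", SCRIPTED, SCRIPTED_FAILURES))
    for name, session, failures in cases:
        score, reasons = score_session(session, PROFILE, failures)
        print(f"{name:10} score={score:3} -> {decide(score):9} {reasons}")
```

The docked phone scores zero because motion and charging state are only counted alongside another signal, which keeps a genuine customer with a phone on a charger from being challenged.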

THE SOCIAL GRAPH

Hitherto authentication has been based on

one or more of the following: something you

know, something you have and something

you are. Or knowledge, possession

and inherence. But as authentication

is increasingly about bringing together

physical and digital identity, what about

something you do, something you did, and

something you say or is said about you?

Physical appearance can be altered,

passwords compromised and fingerprints

lifted. Yet behaviour, transaction or credit

history, employment history, social media

activity and online reputation are all harder

to fake. Hence the difficulty spymasters

face in creating cover stories for spies in

the digital age.

London-based start-up, Veridu, is using

social media profiles and the individual’s

unique online footprint to verify identity

and create a trustworthiness score. Users

invest many hours into their profiles. Direct

messages with friends show patterns of

age distribution and frequency, which are

difficult and time-consuming to fake. Social

data also provides a record of everywhere

the user has been. This allows risk

assessments to be made on an individual’s

interactions and reputation. In the case of

payments, this is typically implemented

as a form of step-up authentication for

higher-risk transactions.

“It’s not about the payment. It’s about the identity,” Spencer Spinnell, director, emerging platforms, Google Inc on-stage at Money 20/20 Europe

Internet search companies, social networks

and online retailers are well-placed to

exploit the individual’s online footprint.

Google, LinkedIn and Facebook are

already authenticating users on third party

websites via single sign-on. Moving into the

identity space allows them to identify users,

but also side attributes to drive greater

personalisation — and revenues. The tech

giants definitely have form in this area,

namely building business models around

new sources of value and monetising

customer data and insights.

ONLINE PAYMENT AUTHENTICATION

Biometrics, behaviometrics and social data

are three newer authentication methods

currently in the ascendant. But what about

3D Secure, the original secure messaging

protocol for online payment authentication?

Created by Visa and Arcot Systems in 1999,

3D Secure gave consumers a way to

directly authenticate their card with the

issuer when shopping online. EMVCo is in

the process of updating the 3DS protocol.

“When we created the first version of

3D Secure, personal computers were the

only channel available for consumers and

merchants to trade online. Consequently,

3D Secure 1.0 was specifically designed for

browser-based authentication,” explains

Guido Mangiagalli, head of e-commerce

acceptance, Visa Europe. Fast-forward

15-plus years and there are around

4.7 billion unique mobile subscribers

worldwide, according to 2015 figures from

the GSMA. This cannot but change the way

consumers, businesses and governments

interact and transact online.

“3D Secure 2.0 addresses the needs for an omni-channel experience. It optimises the consumer experience on mobile, PC and even digital television. Version 2.0 will be completely agnostic as to the device, as well as enable merchants to use 3D Secure in-app.” Guido Mangiagalli, head of e-commerce acceptance, Visa Europe

“There are two main differences

between 3D Secure version 1.0 and

version 2.0. Firstly, the new specification

is optimised for any type of device, as well

as for in-app payment. Secondly, it will

be possible for merchants to pass more

information to card issuers to allow more

intelligent risk scoring,” says Mangiagalli.

The new authentication protocol is

designed to facilitate more background or

‘frictionless’, risk-based authentication. It

stands to reason. If merchants and issuers

have more data to recognise genuine

customer behaviour, device, location and

other established characteristics, there

is less need to ask for a password or

other credentials.

Visa already has some experience of

persuading card issuers to take a risk-

based approach to online authentication

using legacy 3D Secure. “A number of our

members have implemented risk-based

authentication for Verified by Visa, our

online customer authentication solution.

One issuer saw a 58 percent reduction in

abandonment rates post-implementation,

while fraud prevention rates remained

stable. Another experienced the same:

reduced abandonment, no increase in

fraud, and an 80 percent reduction in

in-bound calls from customers to reset

passwords,” says Mangiagalli.

According to an EMVCo press release,

the next generation 3D Secure specification

will also be enriched to support non-

payment user identification and

verification, as well as country-specific and

regulatory requirements.

THE FUTURE OF AUTHENTICATION

Authentication is changing. It is

encompassing new data sources from

biometrics and behaviometrics to social

data and online reputation. It is moving

from the use of historic data to more

current (even real-time) data, from the

static to the dynamic, from single factor

to multi-factor, and from the active to the

passive. Authentication has the potential to

become a continual background process

rather than an event or interaction with

the user. If authentication is always on, with

in-built, risk-based controls, this will offer an

improved, frictionless customer experience,

plus the possibility of new customer and

retail journeys.

If the consumer is in their car with a

wearable or mobile phone — each of

which may be a trusted authentication

device — the bank, retailer or service

provider can feel confident that they

are the genuine user. Why require step-

up authentication? Why break the flow?

Instead of the individual having to identify

themselves and prove they are genuine,

anyone who needs to know already knows

who they are. This turns authentication on

its head. It moves the authentication default

from user check-out to user check-in.

If the future of authentication relies on

bigger, better and faster data, this brings in

wider questions about data ownership and

data portability. The notion that data is owned

by the organisation holding the data (the

so-called ‘data controller’), not the individual

(the so-called ‘data subject’), is under threat.

Even if the terminology which evokes the

centralised sovereignty of data is not. The

revised Directive on Payment Services (PSD2)

makes provisions around access to payment

accounts. The EU General Data Protection

Regulation (EU GDPR) includes a section on

data portability. The move towards a more

open environment will mean opportunities

and threats for all companies handling data.

In this way, regulation will be the mother

of invention. It will act as a catalyst for

innovation and cultural change around how

we regard data, but also identity.

So, how will we identify ourselves in 20

years’ time? Many are predicting the death

of the password, but is this premature?

How much life is left in static passwords?

“Passwords won’t die soon. Passwords

add an authentication factor. They could

be considered complementary to other

authentication factors, especially biometry,”

says Yribarren from Safran Identity &

Security. “Passwords are still a very

efficient way to add a security layer on top

of biometry. You could access some very

secure areas on your smartphone with a

selfie as well as a password,” he concludes.

“Biometrics are one part of the answer to

replacing passwords,” agrees Lynch from

InAuth. “Another is identifying a device,

such as a smartphone, and using that

trusted token as another factor. To use the

mobile device as a trusted token, you must

assess that it is low risk, and that is where

analysis of many [device-related] factors is

important.”

Whilst biometrics, trusted devices and Big

Data authentication techniques will influence

their decline, passwords are likely to live on

for a few more years yet as a secondary or

fallback authentication factor. Plus, different

companies are on different timelines.

Implementing new authentication methods

takes time and budget. Many companies will

adopt a phased approach and are unlikely to

migrate their entire customer base to a new

authentication method quickly. Passwords

as part of digital identity, verification and

authentication will be alive a while longer,

even for the most progressive organisations.

Digital identity itself is broad and still

evolving. Identity could well be the new

money. “Who are you? Who, who, who,

who?” It’s the who of you that banks, retailers

and consumer-facing technology companies

really want to know — and they have ways of

finding out.


The move from apps to bots has been hailed as the new paradigm shift and the next big technological disruption. Messenger platforms and chat bots are being seen as the new way for businesses and users to communicate. PCM tracks the rise and possible implications of bots for banking and business.

by Joyrene Thomas

chat bots

Have you got a bot for that?

THE INCREASING USE of robots and

automation is being seen in every area

of society from robo financial advisors

to in-home care for the elderly. Attention

is now beginning to shift from apps to

bots, autonomous, artificial intelligence-

backed programmes that interact with

systems or users. These natural language

programmes allow businesses and

customers to communicate directly via

messenger chat platforms.

Thanks to integration with the user’s

contacts, messenger apps have scaled

quickly. WhatsApp has around one billion

users, Facebook Messenger 900 million

and WeChat 697 million. Consumers are

quickly adopting smart two-way messaging

apps as opposed to traditional, more

limited options such as SMS or e-mail.

Monthly usage figures show that messaging

apps continue to eclipse other forms of

social media as a conversational channel

of choice. With billions of active users

worldwide, messaging apps also far exceed

the reach of individual bank apps. The race

is now on to become the all-in-one hub for

chat, entertainment, business interactions

and payment — and to monetise this effort.

Satya Nadella, Microsoft chief

executive, has outlined plans to put chat

bots at the centre of its future efforts.

Kik, a Canadian chat app, opened a

‘bot shop’ for apps in April. Tokyo-

based messaging app Line will launch a

smartphone call-centre using an artificial

intelligence bot later this year. In China,

Tencent-owned WeChat (or Weixin as it

is known locally) has long been a stalwart

of social networking, messaging and

e-commerce. With 697 million monthly

users, the WeChat app is ubiquitous in

Chinese social and business life as a

phone, messenger, gaming console and

e-commerce platform. Facebook has also

recently entered the fray when it launched

developer tools to build bots for its instant

messaging service.

ARE YOU BEING SERVED?

“Now that Messenger has scaled, we’re

developing ecosystems around it. The first

thing we are doing is exploring how you

can communicate with businesses,” said

Facebook co-founder Mark Zuckerberg at

the F8 developer conference in April.

“You probably interact with dozens of

businesses every day. But I’ve never met

anyone who likes calling a business. And

no-one wants to have to install a new app for

every service or business they interact with.”

“We think that you should be able to

message a business in the same way

you message a friend. You should get

a quick response and it should not take

your full attention like a phone call would,”

continued Zuckerberg announcing

the launch of developer tools for its

Messenger service.

This is as simple as it is insightful.

Customers measure the success of a

brand or service by how much value it

adds to their lives and how little it disrupts

them. They like facilitators of ease and

convenience. As such, there is huge

business value in making the complicated

simple. And little to no value in making the

simple complicated.

Messenger platforms have pinpointed

the customer pain point. Customers

are under-served by modern customer

service. Zuckerberg claims he has

yet to meet the person who likes calling

a business. He has almost certainly

yet to meet the chief executive who

has been thanked by a customer for

installing an interactive voice response

(IVR) switchboard.

“Press #1 if you are a new customer. Press

#2 if you are an existing customer. Press #3 for

balance enquiries.” “All our agents are busy at

the moment.” Almost everyone has been on

the receiving end of such customer

service. There has to be a better way to do this,

and the messenger providers agree.

Messaging a business in the same way

as messaging a friend is intuitive. It builds

on what customers already know or do.

It is quick and undemanding in terms of

effort or time. Customers do not have to

give it their full attention, which is a boon

for the tech-savvy, time-poor multi-tasker.

If a customer is already on the platform

or in a conversation, there is no need to

leave. The move from apps to bots is as

much a disruption in customer service as

it is in technology.

BANK BOT TRIALS

Barclays’ South African subsidiary Absa

Bank announced at the end of April that

it would pilot a chat bot, making it the first

bank to do so in Africa.

“At Absa, we are constantly seeking

new ways to be more relevant to our

customers. By aligning our user-centric

and Big Data expertise, we are able to

connect with our customers through

a channel that they are actively using,” said

Yasaman Hadjibashi, chief data officer,

Barclays Africa.

The Absa chat bot will combine artificial

intelligence with machine learning. It will

get better over time as it trains itself. The

bot will answer simple customer questions

quickly, freeing up staff to focus on more

complex enquiries that require deeper

human insight. Absa can also learn what

individual customers regularly ask for,

in real-time, and make these options

easier to find.

Sberbank, the largest bank in Russia,

announced that it would be launching

Sberbank Messenger. This will allow users

to find, select and order goods and

services from business, talk with sales

representatives and receive personalised

special offers via a platform within

Sberbank Online. The service will undergo

closed beta testing in August.

Meanwhile Santander customers in

the UK can use voice banking via the

Santander SmartBank app in a similar

manner to Apple’s virtual assistant, Siri.

Basic features around card spending

are available in the first phase of the

technology roll-out. The second phase,

due for release later this year, will enable

customers to fully service their accounts,

including making payments, reporting lost

cards and setting up account alerts.

“The worlds of technology and banking

continue to evolve at pace,” said Sigga

Sigurdardottir, head of customer and

innovation, Santander. “We believe voice-

assistant technology has huge potential

to become an integral part of the future

banking experience.”

BOT CONSIDERATIONS

Microsoft was forced to take its AI chat

bot, Tay (an acronym for ‘thinking about

you’), offline earlier this year after it made

a series of racist and sexist comments.

The tech giant claimed that users on

Twitter launched a co-ordinated attack,

which exploited a vulnerability in Tay. Aside

from hardening security to prevent brand-

damaging bot outbursts, what are some of

the considerations to bear in mind when

integrating messenger banking?

“What we learned when developing and

implementing WAY4 Messenger Banking

is that it is better to start with useful

services that will attract customers, such as

real-time customer support, P2P transfers

and exclusive offers. It is unlikely that

customers will start using a chat bot for

information about exchange rates and

branches nearby,” says Maria Vinogradova,

director of strategy and market intelligence,

OpenWay Group.

Messengers are conversational

environments where banks can interact

with customers in their own language and

in a familiar way. Vinogradova advises

banks to consider the nature and style of

the chat environment when programming

answers for the bot. “Additionally, anticipate

the most frequently asked questions to make

chatting easier. Most importantly, replicate

the simplicity of the customer experience

of messengers, otherwise users will not use

them,” she says.

As to the possible pitfalls to avoid,

Vinogradova advises seeing messenger

banking as complementary to existing

channels. “It is important to consider the

omni-channel approach. If customers use

messenger banking for P2P transfers for

example, it does not mean that they will not

use other channels, such as the bank’s mobile

app and those of other providers.” Messenger

banking should be seen as additional to, not a

replacement for, other channels.

“The messenger banking channel

demands a real-time response, so the KPIs

for the system of automated answers, and

the humans behind this, should reflect this,”

Vinogradova concludes.

CONVERSATION IS THE NEW INTERFACE

The general trend towards the use of

robots and greater automation is two-

pronged. Firstly, using automation to

standardise human processes for greater

efficiency. Secondly, humanising automated

engagement for greater personalisation.

But do consumers mind that they are

talking to a robot?

Probably not, if the bot gives them what

they want quickly and with minimum

fuss. Deployed correctly, chat bots help

fix broken customer service. They answer

customers in real-time and get better

and smarter over time. If banks heed the

learnings, so will they.

Chat bots still rely on an element of

self-service from customers. However,

customers may be more than willing to

invest time and effort, without having to

invest their full attention, in exchange for

convenience and better speed and quality

of service. Better service is only one aspect

of chat bots. The other is sales.

Social media platforms are moving

towards measuring interactions daily

rather than monthly, which speaks volumes

for their significance. In an attempt to

monetise their user bases, they are looking

to contextual or conversational commerce.

This is where consumers can transact

without leaving the moment or experience.

In a B2B context, contextual commerce

may go beyond simply payment to include

ancillary data, such as invoicing and

reconciliation data.

Messengers are a portal, a platform or

a new operating system, depending on

how you look at it. Conversation is the new

interface. Move over apps. The bots are

coming — ready or not.

LEADING SOCIAL NETWORKS WORLDWIDE BY NUMBER OF ACTIVE USERS (IN MILLIONS)

Source: Statista, April 2016

Facebook: 1,590
WhatsApp: 1,000
Facebook Messenger: 900
QQ: 853
WeChat: 697
QZone: 640
Tumblr: 555
Instagram: 400
Twitter: 320
Baidu Tieba: 300
Skype: 300
Viber: 249

“With 1.6 billion people shopping online in 2016, spending more than $2 trillion annually, and with cross-border spending expected

to hit $1 trillion by 2020, the opportunities for merchant growth have never been so significant, varied and fast. Payments, and the

role they play converting shoppers into buyers, are becoming increasingly central to these growth trajectories. Savvy merchants

know that payments are integral to a great shopping experience, and understand that payment can often be the differentiator.

Eager to capitalize on the $2.2 trillion global eCommerce opportunity, merchants need to carefully determine which growth path to

pursue, and how to tackle the specific payment challenges that each growth path entails.”

Markus Rinderer, SVP Product Line Manager, ACI Worldwide

Which way to grow? Evaluating merchant growth paths in eCommerce

ADVERTORIAL

The rules of engagement between merchant

and consumer are fundamentally changing,

becoming more digital and more open.

Shoppers purchase goods and services at

home, at work, or on the go, in lieu of

buying from physical shops. Before purchase,

shoppers learn about products through online

review sites, and afterwards they use social

media to praise or disparage them. And to

complete purchases simply and securely,

shoppers have a growing number of payment

methods and mobile wallets to choose from.

This is digital commerce, and it is the primary

driver of retail sales growth in most markets

around the world.

Digital commerce has been a growth

opportunity for retailers and brands for more

than two decades, but today’s demographic

shifts and unparalleled advances in

smartphone technology have created new

opportunities. Millennials, the generation of

digital natives who do not remember a world

without the internet, are now the largest

segment of the U.S. population and comprise

24% of the European Union’s citizens. Plus,

more people now live in cities, automobile

ownership is decreasing in developed markets,

high-speed internet connections are becoming

ubiquitous, and smartphone penetration

is still rising.

The net result is that digital commerce is

growing 10% to 20% annually, while in-store

sales remain flat, or are even shrinking by

as much as 5% per year in some markets. As

a consequence, retailers are focused more

intensely on growth through digital. But not

every merchant has the same starting point,

motivation, or resources, so growth strategies

vary widely.

ACI, the Universal Payments company,

identifies five key growth paths, which together

create a framework for understanding the

opportunities that come from digital channels.

Although winning strategies are highly specific

and no two merchants should expect the

same success with the exact same approach,

evaluating common growth scenarios, and

analyzing how successful merchants have

mastered the accompanying payments

challenges, can provide fresh insights for

merchants and their payment providers alike.

Going online for the first time

Merchants expanding into digital channels encounter

many new requirements, from customer experience

and logistics to cash management. These merchants

must balance the trade-offs between time to market

and ease of enablement with control and cost.

Diversifying channels

Optimization is a seemingly endless journey for online

merchants, given that the customer experience can

always be better, conversion rates can always be

higher, and fraud can always be lower. Operational

complexities are magnified when merchants expand

into non-direct distribution channels and business

models in which enablers, intermediaries, and

aggregators alter the requirements.

Merchants and acquirers are turning to their solution providers to enable them to pursue these

growth trajectories, and the question for those solution

providers is then whether they have the tools and technology to enable their merchants to grow –

any which way they choose.

Investing in mobile

Mobile is currently the priority for many businesses

because nothing else is driving more commerce growth today. Principles gleaned from traditional

eCommerce extend to mobile, but merchants must adapt the customer experience and operating model

in order to thrive.

Expanding internationally

Although cross-border expansion is comparatively

easier in digital commerce than traditional physical

commerce, it is still challenging. Competing for foreign

consumers requires marketing and operational

adaptation catered to local shoppers. The benefits of

cross-border expansion are undeniable, however, as

only China, the U.S., and the U.K. markets represent

more than 10% of total global eCommerce.

Expanding to POS

Ultimately, the lines between channels are blurring,

as brick-and-mortar merchants continue to venture

online, while eCommerce merchants increasingly

open storefronts. It is challenging for these omni-

channel merchants to offer shoppers a consistent and

seamless experience because payment services are

still too often divided between online and POS.

ACI Worldwide’s new whitepaper ‘Fast-track Merchant Growth Paths in eCommerce’ explores these five

growth trajectories in detail, illustrating each path with a real-world example, and setting out best practices for

enabling merchant growth strategies: www.aciworldwide.com/merchantgrowth

Companies are faced with a two-fold problem: protecting their data from those who have access to it from the inside, and from those who exploit the human factor to access it from the outside. With the rise in remote working, cloud computing and bring-your-own-device, we examine the changes needed to address the insider threat.

by Joyrene Thomas

security

The insider threat

TO BREACH A company’s security requires

sophisticated software, huge computing

power and a crack team of coders, right?

Wrong. A company’s own staff pose a

bigger threat to its security than malicious

outsiders. Insiders are responsible for

around 43 percent of data breaches, half

of which are intentional and half accidental,

an Intel report found.

The world’s best-known data breach

was an inside job. In 2013 former CIA

employee and US government contractor

Edward Snowden leaked thousands of

classified documents revealing government

surveillance activities. US soldier Chelsea

Manning is currently serving a 35-year

prison sentence, after disclosing classified

as well as sensitive military and diplomatic

material to WikiLeaks.

National security leaks aside, a SailPoint

survey found that 20 percent of people

would sell company passwords for cash. 25

percent of employees would be prepared to

risk both their jobs and criminal convictions

by selling company data for less than

$8,000, according to a survey by data loss

prevention firm ClearSwift.

So much for the intentional. As to the

accidental, human error is still behind the

improper disposal of company information,

misconfiguration of IT systems, and lost

and stolen assets, such as laptops and

smartphones. According to Verizon’s 2016

Data Breach Investigations Report, around a

quarter of human errors involved sensitive

information being sent to the wrong person.

THE HUMAN THREAT

“The ‘insider’ is a broader church than

people think,” explains Piers Wilson, head

of product management at Huntsman, a

cybersecurity firm providing defence-grade

security. “You have employees, but even

within this group there are layers. You have

the aware and unaware, the deliberate and

accidental, internal and external insiders.”

“There are people who are malicious and

try to gain access to information or steal

data. Then you have people who are doing

something they don’t see as serious, such

as taking a list of contacts when they leave

a job. There’s also the accidental — people

who leave data lying around or store a

file on Dropbox so they can work on it

from home.”

Another data security challenge is the

extended enterprise. Companies may have

a large contractor workforce, plus third-

party partners accessing information via a

portal or shared system. So the risk surface

posed by the insider is growing. At the same

time, it is not always possible to impose the

same level of education and awareness on

everyone an organisation deals with. Staff

awareness training may not touch a whole

group of people accessing corporate data

and systems. This adds to the risk posed by

the insider.

THE TECHNICAL THREAT

As well as the human threat, companies

also have to contend with a growing

technical threat. The change in the

way IT is delivered within the enterprise

exacerbates the insider threat. There

is more cloud computing, more bring-

your-own-device (BYOD), more shadow

IT and more mobile devices, compared

to even five years ago. The challenge

for corporate IT departments is that

consumer technology prioritises simplicity

and convenience, not necessarily security.

The consumerisation of technology

means employees may by-pass IT

department constraints. Employees may

not necessarily want to wait for their IT

department to give them access to shared

file storage or an extranet, when it is easier

to source this via cloud providers. If a small

sales team in a remote office needs a way

to track and exchange contact details, they

can easily source their own web-based

CRM system. If the company imposes a

size limit for e-mail attachments, numerous

providers allow users to send gigabyte files

via the web for free. In all three of these

examples, data is being stored outside the

corporate data centre.

The growth of mobile devices means that

employees are increasingly creating and

accessing data via their mobile phones.

When it comes to joiners and leavers,

managing privileges in a world where a

company-issued laptop or mobile phone

is not the only way to access data is

challenging. Almost a third (32 percent) of

UK respondents to a survey conducted by

Centrify believe that it would be easy for an

ex-employee to log in and access systems

or information with old passwords. This

compares to 53 percent of respondents in

the US. Half (49 percent) say ex-employees,

contractors and third parties are ‘off-

boarded’ the day they leave, yet over half

also admit that it can take up to a week or

more to remove access rights.

THE WEAPONISATION OF THE INSIDER

The overlap between the human and the

technical threat is where phishing sits.

“Phishing is not really an insider attack,

but it’s where an outsider compromises

internal staff with an e-mail or attachment

that looks genuine. Before you know it,

the attacker has used one of your insiders

to gain access to your systems and data.

Phishing is the weaponisation of the insider,”

says Wilson.

CEO scams as a form of phishing or social

engineering are on the rise. They are estimated to

have affected 12,000 businesses worldwide

at a cost of more than $2 billion in the last

two years, according to the FBI. Criminals

spoof the e-mail address of the CEO or CFO

and instruct the recipient to transfer funds

to a bank account (usually controlled by the

criminals), settle an outstanding invoice or

update supplier bank account details.

Phishing is also used as a delivery

mechanism for malicious software and

ransomware. This infects a user’s computer

as a precursor to compromising and

exfiltrating data, or rendering it un-usable

until a ransom is paid. According to Verizon’s

2016 Data Breach Investigations Report, 30

percent of phishing messages were opened,

up from 23 percent last year. Around 13

percent of those went on to open the

malicious attachment or click on the link.

Attackers exploit human weaknesses

and vulnerabilities. In a study conducted by

the University of Luxembourg, almost 50

percent of people revealed their password

in exchange for chocolate. Scientists asked

passers-by about internet security, including

questions about their password. Those who

were not given chocolate at the beginning

of the interview revealed their password 30

percent of the time. Those who were did so

44 percent of the time.

“We investigated the psychological

principle of reciprocity. When someone does

something nice for us, we automatically feel

obliged to return the favour. This principle

is universal and important for the way we

function as a society,” said Andre Melzer,

co-author of the study.

That is how social engineering works. The

attacker can be as convincing as they want

to be, and as their knowledge, skills and

patience allow, if that means they

are successful in getting access to data.

COUNTERING THE INSIDER THREAT

To combat the insider threat, organisations

need to shift their focus from the perimeter

to the data itself. “Traditionally companies

have been using the metaphor of the

castle, where you defend your perimeter

with a moat or a gate — an impenetrable

outside. Once you get inside, you have

free access,” says David Gibson, vice

president, strategy and market

development, Varonis, a provider of software

solutions for protecting data.

“You have to recognise that people are increasingly using cloud, whether it’s file storage or shadow IT. You need a way of controlling, policing or at least monitoring that kind of cloud access.”

Piers Wilson, head of product management, Huntsman

“If banks were to secure money the same way as people secure data, they would put a lot of guards on the door but the vault would be open to anyone within the bank. There would be nobody watching who was taking money in and out.”

David Gibson, vice president, strategy and market development, Varonis

“Over the last ten years, the frequency

of breaches has increased. A lot of them

have a couple of things in common. Firstly

that the attacker was usually someone

inside already, or got in through stealing a

valid insider’s credentials. Secondly, what

is taken is usually unstructured data, such

as files and e-mails. Protecting data from

the inside out is flipping the metaphor.

Instead of focusing from the perimeter

in, it is building concentric security rings

around the data itself,” explains Gibson.

In addition to a change in focus, user

behaviour analytics (UBA) and Big Data

techniques have helped to invert the

traditional detection problem. Baselining

normal user behaviour helps anomalous

behaviour to stand out. A company

needs to know who is accessing which

files. Who is creating, opening and

deleting them? Who is sending e-mails

to whom? Gibson explains that modelling

this behaviour helps flag if a user deletes

an important file or directory, changes

access rights, or modifies 500 files in a

five minute period. Similarly, it can detect

ransomware and exfiltration of files.
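
The detection approach described above, sketched as an added example (it is not code from the article or from any vendor named in it): each user's modification rate is baselined over a known-good period, then bursts, watched-path deletions and access-rights changes are flagged. The event tuple layout, the watched path and the FLOOR and FACTOR thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)     # the article's "five minute period"
FLOOR = 50                        # assumed minimum burst size worth an alert
FACTOR = 10                       # assumed multiple of a user's own baseline peak
WATCHED = ("/finance/payroll",)   # assumed list of important paths


def peak_per_window(times):
    """Largest number of events that fall inside any single WINDOW."""
    window, peak = deque(), 0
    for t in sorted(times):
        window.append(t)
        while t - window[0] >= WINDOW:
            window.popleft()
        peak = max(peak, len(window))
    return peak


def build_baseline(history):
    """Per-user peak of 'modify' events per window over a known-good period."""
    per_user = defaultdict(list)
    for ts, user, action, _path in history:
        if action == "modify":
            per_user[user].append(ts)
    return {user: peak_per_window(times) for user, times in per_user.items()}


def detect(events, baseline):
    """Return (timestamp, user, rule) alerts for a stream of file-audit events."""
    alerts, windows, bursting = [], defaultdict(deque), set()
    for ts, user, action, path in sorted(events):
        if action == "chmod":
            alerts.append((ts, user, "access-rights-change"))
        elif action == "delete" and path.startswith(WATCHED):
            alerts.append((ts, user, "watched-path-deleted"))
        elif action == "modify":
            win = windows[user]
            win.append(ts)
            while ts - win[0] >= WINDOW:
                win.popleft()
            # Users with no history fall back to the fixed floor.
            limit = max(FLOOR, FACTOR * baseline.get(user, 0))
            if len(win) > limit:
                if user not in bursting:   # one alert per burst, not per file
                    bursting.add(user)
                    alerts.append((ts, user, "mass-modification"))
            else:
                bursting.discard(user)
    return alerts


def sample_data():
    """Constructed audit events: (timestamp, user, action, path)."""
    t0 = datetime(2016, 7, 1, 9, 0)
    # Known-good period: alice saves one file every two minutes.
    history = [(t0 + timedelta(minutes=2 * i), "alice", "modify", f"/docs/a{i}.doc")
               for i in range(60)]
    day = t0 + timedelta(days=1)
    events = [(day + timedelta(minutes=2 * i), "alice", "modify", f"/docs/a{i}.doc")
              for i in range(10)]
    # 500 files rewritten in under five minutes, the pattern ransomware produces.
    burst = day + timedelta(hours=2)
    events += [(burst + timedelta(milliseconds=500 * i), "alice", "modify",
                f"/docs/a{i}.doc") for i in range(500)]
    events.append((day + timedelta(hours=3), "bob", "delete", "/finance/payroll/2016"))
    events.append((day + timedelta(hours=4), "carol", "chmod", "/hr/contracts"))
    return history, events


if __name__ == "__main__":
    history, events = sample_data()
    for ts, user, rule in detect(events, build_baseline(history)):
        print(ts.isoformat(), user, rule)
```

The burst rule fires once, on the 51st modification inside the window, rather than once per file, which keeps the alert volume reviewable.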

“Before, we were using UBA to augment

preventative controls; now we are putting

emphasis on the detective aspect. This is

important because when you talk about

getting to a least-privileged model, there

is a lot of work to do. But to turn on the

detective controls takes a couple of hours,”

concludes Gibson.

IN SUMMARY

Almost one-third of respondents to a PwC

cybercrime survey said that insider crimes

were more costly or damaging than those

committed by external adversaries. Yet

less than half had implemented a plan

to deal with insider threats. This has to

change. To do otherwise is unlikely to be

commercially sustainable over the medium

to longer term. If companies do not act

now to protect data under their own terms,

they may find the regulator steps in. Those

in Europe, trading with Europe or storing

the data of European citizens will have to

comply with the EU General Data Protection

Regulation in less than two years. The data

clock is ticking.

Data security is about just that —

securing data. Almost every company

holds data about customers, staff or

partners. Almost every company has

intellectual property, strategic documents,

operating procedures or manuals,

marketing plans and so on. If something

has commercial value to a company, it

more than likely has commercial value

outside the company. Re-visiting first

principles is beneficial as they are still

valid. What data does the company have?

Where is it? And who has access to it?

Speed is important in countering the

insider threat. Companies must be able

to respond quickly to minimise the

time-at-risk. Focus needs to move from

being retrospective to predictive, and

controls from preventative to detective

and restorative. Companies should not

underestimate the challenge of the agile

adversary. Attackers are unconstrained

by change control, organisational

processes or budget cycles. They can be

as convincing as they want to be, and as

their knowledge, skills and patience

allow, if that means they are

successful in getting access to data. Once

the attacker is inside, they are an insider.

THE INSIDER ATTRIBUTION TRAP

What motivates people

to steal data? The

reasons are many

and various. They

range from political,

ideological, financial

or malicious motives,

to carelessness and the

accidental.

An ex-Morgan Stanley

adviser was sentenced to three

years’ probation last year and

ordered to pay $600,000 restitution

to his former employer for taking

company data. The employee in

the private wealth management

division transferred confidential data

on 730,000 customers to a private

server in his home to advance his

career.

Meanwhile a senior employee at

British supermarket chain Morrisons

was jailed for eight years in 2015 after

posting details of nearly 100,000

colleagues online. Disgruntled at

being disciplined for using the

company mail room to send out

personal packages, the employee

stole payroll data, including salaries,

national insurance numbers and

bank account details. He posted this

online and sent it to newspapers.

Computer users would trade their first-born

child for WiFi access, for

the duration of eternity. Six people

failed to notice the so-called ‘Herod

clause’ contained in the terms and

conditions when they signed up at a

free WiFi hotspot in London.

Understanding the motivations

behind data theft and loss may

help prevent future losses. However,

assigning attribution can be difficult

and detract from business response

and continuity efforts. It is probably

more worthwhile to focus on threat

prevention, detection and recovery

plans. After all, robust plans will be

effective irrespective of the attacker

or motive.

“Having preventative controls is the right thing to do. But detective controls are much faster to implement and will work even if your preventative controls are not in place.”

David Gibson, vice president, strategy and market development, Varonis

“Too much in the past has been around identifying things retrospectively. Moving from a historical, retrospective model to something which is more real-time, immediate and on-demand is a challenge.”

Piers Wilson, head of product management, Huntsman

issuing and acquiring

CHARGEBACKS HAVE BEEN part of

card scheme dispute resolution rules for

decades and reflect consumer protection

regulations in many countries. However

they are also the ultimate un-virtuous

circle where almost everyone ends up

unhappy. Some of the parties also end up

out of pocket.

A chargeback is when a card payment

is returned. This may be because the

cardholder disputes the transaction.

For example, if services have not been

provided, merchandise is not received, is

defective or not as described. Or if the

transaction is fraudulent.

THE $40 BILLION CHALLENGE

Obtaining statistics on the cost of disputed

transactions is difficult. It depends on

write-off thresholds, system capabilities

and staff costs, which vary greatly by

financial institution or merchant.

Internal research from Verifi, a

chargeback prevention firm, suggests that

disputed transactions could be costing

merchants as much as $40 billion a year in

the US. And around £25-30 billion a year in

the UK. This includes the cost of penalties,

chargeback fees levied by acquirers,

excessive refunding, loss of merchandise

and staff time. However, for every $100

in chargebacks, it is estimated that the

merchant’s fully-loaded cost is around

$308 on average. This is in addition to the

costs incurred by issuers and acquirers to

process and contest chargebacks.

THE NETWORK EFFECT

“One of the most common reasons for

chargebacks is when consumers do not

recognise transactions on their statement.

Typically they call their card issuer instead

of the merchant. The issuer may have only

limited data and one of the only options

is to charge the transaction back. This

can take anywhere from 6-8 weeks,” said

Neil Smith, regional head of sales and

partnerships, UK/EMEA, Verifi.

“We have a dispute management

solution that sits before a chargeback. We

are connected to 12,000 merchants and via

an API connection can draw on data, such

as make, model, size, IP address, device

ID and product names. The issuer can

engage real-time with the merchant via

our network to resolve the dispute before a

chargeback even occurs.”

Smith also explained how SKU-level data

may be used by merchants as compelling

evidence that the cardholder participated

in the transaction. This is particularly in the

case of so-called ‘friendly fraud’ or buyer’s

remorse, where the cardholder participates

in the transaction but later denies this.

THE FUTURE

Issuers and merchants have an

incentive to work together on disputed

transactions. This benefits them and their

common customer — the consumer — by

cutting the time, cost and complexity

of resolving disputes. This helps build

the business case for companies that

assist in preventing chargebacks from

occurring. However, the bigger question

is whether the dispute resolution

mechanism for card-based payments is

still fit-for-purpose.

Payments is becoming more real-

time with sub-second authorisations

and settlement within hours or days at

most. Yet chargeback exposure is still

measured in months. In view of the fact

that alternative payment methods, such

as some ACH payments and Alipay, do

not have chargebacks, dispute resolution

is becoming a source of competitive

difference for payment types. When

prices, margins and costs are under

pressure, stakeholders may no longer be

prepared to absorb chargeback costs as

the cost of doing business.

PCM asked the major card schemes

how they planned to ensure the dispute

resolution process continued to meet

and balance the needs of stakeholders.

MasterCard and Visa declined to comment.

THE UN-VIRTUOUS CIRCLE OF CHARGEBACKS

FRAUD MANAGEMENT IS a three-way

balancing act between minimising fraud

losses, minimising operational costs and

maximising revenue. So, have businesses

got the fraud management balance right?

A survey of 200 UK businesses

by risk management company,

CyberSource, found that while fraud

itself was under control, there was still

work to do on minimising operational

costs and maximising revenue —

in short, achieving a better balance.

When asked about their main fraud

management challenges and priorities

for the next 12 months, losing revenue

to fraud ranked fifth out of the six

challenges asked about. This shows that

UK businesses largely felt that they had

fraud losses under control. However, the

top challenge for survey respondents in

the 2016 UK E-Commerce Fraud Report

was manual review. Merchants wanted to

spend less time, effort and budget doing

manual reviews.

The number of merchants performing

manual reviews on customer orders to

detect possible fraud has decreased

from 70 percent in 2010 to 50 percent

in 2016. The average number of orders

manually reviewed is 22.5 percent. Larger

businesses typically tend to review less,

given the challenges of scaling review

cost effectively.

Irrespective of the percentage of

orders reviewed manually, the average

accept/reject rate after review should be

as close to 50:50 as possible, contends

CyberSource. A ratio exceeding this

indicates the presence of factors

that could be worked into rules to

automate decisions. This reduces

the amount of manual review, the

associated operational costs and lost

sales due to false positives, thereby

maximising revenue.

GETTING THE FRAUD MANAGEMENT BALANCE RIGHT


THE EUROPEAN COMMISSION is proposing

to expand its anti-money-laundering rules to

cover virtual currencies and prepaid cards,

in a bid to fight terror financing and tax

evasion as revealed in the Paris attacks and

the Panama Papers disclosures.

The proposals from the Commission, the

EU’s executive arm, also seek to strengthen

oversight of bank accounts and increase

transparency about the ownership of

trusts across the bloc according to The

Wall Street Journal.

The upper limit of non-reloadable prepaid

cards would be lowered to €150 ($167) from

€250. The perpetrators of the Paris terror

attacks used prepaid cards.

Under the proposals, virtual-currency

platforms, such as Bitcoin, would be brought

under anti-money-laundering rules that

should come into effect by the end of this

year. Those platforms would also have to

verify the identity of users and monitor

transactions, as banks currently do.

“Today’s proposals will help national

authorities to track down people who hide

their finances in order to commit crimes

such as terrorism,” said Commission vice

president Frans Timmermans. “Member

states will be able to get and share

vital information about who really owns

companies or trusts, who is dealing in online

currencies, and who is using prepaid cards.”

Member states would be required to

create centralised registers of information

about bank- and payment-account holders,

which national authorities could access in

case of suspicious activities. The proposals

must be agreed by the bloc’s governments

and the European Parliament.

The Commission says such registers

would aid information sharing among

European financial-intelligence units, which

analyse dubious financial transactions

after being alerted by banks.

The Commission also announced

proposals to limit loopholes used

to evade and avoid taxes. Under

new rules, tax authorities would gain

access to national anti-money-laundering

information, including the true owners of

companies and trusts. The proposal will

have to be approved by EU governments.

The Commission also said it would look

into automatically sharing information on

the true owners of companies and trusts to

clamp down on tax evasion by hiding funds

offshore. The effort follows disclosures

of documents showing how some clients

of Panama City-based law firm Mossack

Fonseca & Co. were allegedly able to

dodge sanctions and avoid taxes.

The new plans also foresee closer

scrutiny of the activities of tax advisers

— who often promote and facilitate tax

evasion or avoidance — and boosting

protection for whistleblowers who bring

many such cases to light.

The Commission is already working

on a blacklist of non-cooperative tax

jurisdictions that do not respect the bloc’s

tax standards and could eventually be

sanctioned. The list, intended to discourage

third countries from enabling aggressive

tax-cutting strategies, will be ready in 2017,

the Commission said.

SBERBANK, THE RUSSIAN bank, has

founded a new subsidiary – SB-Telecom –

which will act as an MVNO.

The new company will provide

telecommunications services for

companies within the Sberbank

group, as well as for customers of

the group. The new company has not

yet received any licences from the

federal telecommunications regulator

Roskomnadzor.

SB-Telecom has total

equity of RUB 100 million.

It is owned by Sberbank

indirectly, via companies

Digital Assets and

Digital Technologies.

Sberbank is reported

to have negotiated with

several mobile operators

on the launch of MVNO

from 2015. Tele2 Russia

and MTS have been

mentioned by sources in

the market as potential

partners. Sberbank serves

127 million private persons

across the country. The

launch of the MVNO

could help the bank with

security issues related to

its own services and to

SMS-dissemination.

THERE ARE NOW more than 100 million

debit cards in circulation in the UK for the

first time. The milestone was passed in

April, the latest figures from The UK Cards

Association show.

The number of debit cards in the UK

has grown by 2.7 percent in the past year,

up from 97.6 million to 100.3 million in April

2016. The 50 million card mark was passed

in February 2001.

Meanwhile, debit card spending reached

£37.8 billion in April, up 6.8 percent from

£36.5 billion the previous year. The growth

in the number of debit cards reflects the

changing ways in which consumers make

payments and access their money.

Consumers opening new bank accounts

routinely receive debit cards as standard.

The number of ATM-only cards has been

falling substantially in recent years, while

cheque guarantee-only cards ended with

the closure of the scheme in 2011. A total

of 61.8 million debit cards now feature

contactless technology.

EC CRACK DOWN ON VIRTUAL CURRENCIES AND PREPAID

SBERBANK TO LAUNCH MVNO FOR MOBILE BANKING

UK DEBIT CARDS REACH 100 MILLION FOR FIRST TIME

issuing and acquiring


mobile payments

IF YOU DON’T already bank, shop or make

mobile payments using your mobile device,

there’s a good chance that you’ll start within

the coming year.

At least, that’s what the results of the

ING International Survey on Mobile Banking

2016 tell us.

The survey asked nearly 15,000 people

in 15 countries about banking, shopping and

paying with their mobile devices.

Results show that the share of

smartphone or tablet users in Europe who

use their device for banking has swelled to

47 percent – up from 41 percent in 2015 –

with another 16 percent expected to start

within the next 12 months.

“Mobile devices seem to be everywhere,

and many people can’t live without their

smartphone,” said Ian Bright, senior

economist at ING. “People don’t only want

to use their mobile phone in their everyday

life to manage their money — many

also reckon it helps them manage their

money better.”

More than 70 percent of those who use

mobile banking in the 13 European countries

in the survey indicated that they managed

their finances better as a result of mobile

banking. Outside of Europe, the figure was

slightly higher in the US (78 percent) and in

Australia slightly lower (61 percent).

MOBILE PAYMENTS

Pure banking isn’t the only thing Europeans

are doing more of on their mobile devices.

More people are also paying by mobile,

with 40 percent in Europe saying they’ve

used an app to pay on the go in 2016, up

from 33 percent in 2015. And 56 percent of

mobile device owners say they expect they

will “certainly” or “probably” use a mobile

payment app in the next 12 months.

If this trend continues, Europe could

overtake the US, where adoption rates have

remained static in the last 12 months at 42

percent, according to the data.

Shopping by mobile device has also made

notable gains in 2016, the report reveals. A 66

percent share of people in Europe are now

shopping on their smartphone or tablet, up

from 58 percent in 2015.

The onward march of mobile is one

contributing factor to the evolution of

a ‘cashless society’. There is, however,

significant variation in growth across the

continent. While two thirds in Turkey and Italy

(66 percent) agree they use physical cash

much less than 12 months ago, far fewer

in Austria (28 percent) and Germany (31

percent) are willing to give up their notes and

coins. The UK (52 percent) and France (53

percent) hover near the European average

(53 percent) for reducing cash use.

Confidence in contactless payments

has barely increased from last year:

fewer than half (46 percent) of the people

in Europe surveyed are sure about the

security of the technology.

“The mobile revolution is not a fad,”

said Bright, who specialises in consumer

economics with ING’s eZonomics.

MOBILE BANKING AND MOBILE PAYMENTS SURGE IN EUROPE


DO YOU USE MOBILE BANKING?

Source: ING International Survey on Mobile Banking 2016

Shopping on the go – a pleasure for all

The question: Which of the following have you purchased in the last 12 months using a mobile device, such as a smartphone or tablet? Percent who selected one or more item categories, from a list of seven.

Shopping by mobile phone makes impressive gains

The proportion of mobile device owners who are shopping by smartphone or tablet is rising at an impressive rate in many of the 15 countries surveyed for Mobile Banking 2016.

The USA, France and the Netherlands see the biggest rises year on year in the proportion of people making purchases by mobile. In the Netherlands and France in 2016, 58% of people bought at least one item by smartphone or tablet in the previous 12 months. That compares with 42% in 2015. The USA’s share rises from 58% in 2015 to 74% in 2016.

The average European rise in the proportion that shopped by mobile in the past 12 months is eight percentage points year on year.

The smallest increase in mobile shopping is in Turkey, which already has a large share which buys by mobile. Its share of mobile shoppers is only up four percentage points year on year – from 84% in 2015 to 88% in 2016.

We should note that internet polling will likely include a larger share of technology users and, by extension, mobile shoppers.

The question: Which of the following have you purchased in the past 12 months using a mobile device, such as a smartphone or tablet? Percent who bought at least one item.

Cooking up a feast in Turkey?

Turkey is home to the world’s largest home-delivered meal ordering platform, Yemek Sepeti. And it has many other popular mobile purchasing platforms, like Trendyol, Markafoni and Morhipo. A high share in the survey bought one or more items by mobile in the last 12 months – but respondents in Turkey also tend to be young, educated and professional.

Clothing comes top for some – but choices do vary

When shopping by smartphone or tablet in the last 12 months, the most popular purchases are items of clothing, with electronics coming a relatively close second.

Games, holidays, groceries and home-delivered meals are also frequent choices.

Buying clothing by mobile is most popular in Turkey, where 63% of mobile device owners made the purchase in the last 12 months, and least in Belgium (28%) and the Czech Republic (29%).

Mobile device owners in the Czech Republic also bought the least items by mobile in the last 12 months, looking across all seven purchase categories.

Home-delivered meals are also especially popular in Turkey, after clothing and electronics.

Thirty-four percent of people in the USA bought music by mobile in the last 12 months. In the USA, music is the number-three purchase after clothing and electronics, with games and groceries less often chosen.

WHICH OF THE FOLLOWING HAVE YOU PURCHASED IN THE PAST 12 MONTHS USING A MOBILE DEVICE, SUCH AS A SMARTPHONE OR TABLET?


IT’S BEEN A busy 60 days in the world of

mobile payments with further roll-outs, new

entrants and a prominent withdrawal. PCM

rounds up the latest state of Pay.

HANDSET MANUFACTURERS GO HEAD-TO-HEAD

Apple Pay, Samsung Pay and Android Pay

have all launched in Singapore — the only

market so far where the three ‘Pays’ are

going head-to-head. Apple Pay launched

in Switzerland in early July, and is known to

be eyeing both France and Hong Kong for

further expansion. Meanwhile Samsung Pay

launched in Spain and Australia.

“The opportunity for Samsung Pay

in Spain is significant, due to the high

smartphone penetration rate and the

digitalisation of the banking sector,” said

Celstino Garcia, corporate vice president,

Samsung Spain.

Research conducted by Ipsos for

Samsung Spain found half of Spaniards

aged between 35 and 65 carry more than

two debit or credit cards in their wallets. 64

percent of consumers use credit or debit

cards for all or most of their purchases,

which rises to 71 percent among people

aged 35-44.

Microsoft belatedly entered the mobile

wallet wars with the launch of Microsoft

Wallet for devices running Windows 10

Mobile. Issuers Bank of America, People’s

United Bank, US Bank and several US credit

unions are supporting NFC contactless

payment with Microsoft Wallet.

GAME ON FOR WALMART PAY. GAME OVER FOR CURRENTC

US retailer Wal-Mart has rolled out its

mobile payment app, Walmart Pay, to

4,600 stores nationwide. The company stole

a march on its retail rivals when it began

trials of Walmart Pay in December 2015.

The payment app works on iOS or Android

devices and can be set up with any major

credit, debit, prepaid or Walmart gift card.

Wal-Mart was a member of the

Merchant Customer Exchange (MCX), a

retailer-backed mobile payments group

behind the much-delayed CurrentC app.

Designed as an alternative to the ‘Pays’

offered by consumer technology brands,

CurrentC allowed payment by various

methods controlled by the retailer. These

included private label cards, coupons,

loyalty points or direct from bank account

payments, not cash or cards.

However, following a pilot in Columbus,

Ohio, MCX confirmed that it was postponing

its nationwide roll-out of CurrentC, laying off

30 staff and shifting focus to working with

financial institutions.

“MCX has made a decision to concentrate

more heavily in the immediate term on

other aspects of our business including

working with financial institutions, such as

our partnership with Chase, to enable and

scale mobile payment solutions,” said Brian

Mooney, CEO, MCX. “As MCX has said many

times, the mobile payments space is just

beginning to take shape — it is early in a

long game. MCX’s owner-members remain

committed to our future.”

Mobile payments may be a long game,

but MCX took too long to get to market.

“They came [into the market] too late,”

according to Thad Peterson, senior analyst,

Aite Group as reported in ATM Marketplace.

“It took them almost four years to launch

a pilot and that doesn’t work in this world.

And the value proposition was never settled

on either the consumer or merchant side.”

NATIONAL MOBILE INITIATIVES

The two mobile payment schemes in

Switzerland — Paymit and Twint — are to

merge under the Twint brand. The mobile

solution will continue to be open, allowing

Swiss banks to offer their own apps. Twint

will integrate Bluetooth, QR-Code, NFC

and future technologies for P2P and P2M

payments. The five largest Swiss banks

and service provider SIX behind Paymit

will participate in the single entity Twint AG.

Jiffy, the service developed by SIA to

send and receive money in real-time from

a smartphone, is coming to stores in Italy. A

P2M pilot is underway in the cities of Milan

and Bergamo, allowing customers to pay

via app at participating retailers acquired

by UBI Banca. Other major Italian banks are

expected to offer the service in the autumn.

Jiffy has topped 350,000 registered users

since the P2P service launched in Italy in

October 2014.

Elsewhere the Thai central bank has

launched PromptPay, which allows

individuals and businesses to transfer funds

using mobile phone or citizen ID numbers

instead of bank account numbers. A Danish

banking collective (the BOKIS partnership)

will launch a new NFC mobile wallet using

HCE and tokenisation platforms powered

by Nets. MintChip, the digital cash platform

started by the Royal Canadian Mint and

acquired earlier this year by Toronto start-

up nanoPay, is now available for P2P

transfers and P2M at selected merchants.

THE STATE OF PAY


contactless

BY CONNECTING BILLIONS of familiar

devices, the Internet of Things (IoT)

promises to improve how we live, work

and play by turning our homes, cars,

offices and cities into smart, interactive

environments.

These are still early days for the IoT, but

the transformation has already started

with goals of improved safety, comfort, and

efficiency. The home environment is one of

the first targets in this transition.

In a new whitepaper, Simplifying IoT:

Connecting, Commissioning, and Controlling

with Near Field Communication – NFC Makes

the Smart Home a Reality, the NFC Forum

examines how the smart home ecosystem

will learn from our habits and automatically

adjust devices by using information from

connected processors and sensors in

appliances, wearables and other IoT devices.

The intelligent operation of IoT devices in

the smart home will leverage cloud-based

connectivity with manufacturers, power

companies, service providers, and related

operational data from IoT devices globally to

optimise functionality and the cost-efficient

use of resources.

Consumers will be the big winners in

this ecosystem due to an improved

quality of life. To address this long-

term vision, standards organisations like the

NFC Forum are working with developers

and manufacturers to develop a wide

range of new platforms, applications

and services.

Connectivity is the enabler, with IoT

devices seamlessly communicating not

only with each other in the home but

also beyond the walls to cloud computing

platforms. Eventually, most devices will

be interconnected to collect sensor

data or enable control of the smart

home environment.

This means that in the future, so-called

rich UI devices like PCs or mobile phones

will be outnumbered by many small

headless devices with limited or no user

interface. The whitepaper describes

how Near Field Communication (NFC)

specifications will help developers and

manufacturers bring the benefits of IoT to

where we all live, work and play.

With almost 40 billion connected devices

expected by 2020 and over one billion

NFC-enabled devices already in the

market, NFC is a natural connectivity

technology for the Internet of Things. NFC

can bring user-friendly controls to devices

that lack a traditional user interface such

as a keyboard or screen. With a single tap,

NFC is uniquely positioned to provide:

• Ease of use – where a single tap

executes a user’s intention even when

there is no device interface.

• Explicit interaction – by requiring close

proximity for connection and data

exchange.

• Read and write capability – for

interactive data exchange enabling a

protocol.

• Communication with powered down

devices – to exchange data irrespective

of a device’s power status via

embedded NFC tags.

• Low cost – a fraction of other

connectivity technologies.

• Low energy – enabling connectivity

without a large power draw.

THE INTERNET OF THINGS AND NFC

60 DANISH BANKS LAUNCH NFC MOBILE WALLET

NETS HAS BEEN selected by Danish

banking collective, the BOKIS partnership,

to launch a new NFC mobile wallet

solution powered by its HCE and

tokenisation platform.

The BOKIS partnership includes 62 banks

that form the small to mid-sized banks

segment of the Association of Local Banks,

Savings Banks and Cooperative Banks

in Denmark, together with five Danish

regional banks: Jyske Bank, Sydbank, Spar

Nord Bank, Arbejdernes Landsbank and

Nykredit Bank.

The BOKIS mobile wallet solution will be

available to all customers of participating

banks, which collectively represent a

significant proportion of Danish cardholders.

“We are excited to be the first in Denmark

to announce our plans to deliver bank-

issued mobile wallets from our members,

providing a mobile payment solution that

delivers real payment convenience to our

customers,” comments Søren Nicolaisen,

managing director, Danish Regional

Bankers Association. “End users will be

able to pay just by ‘tapping’ their phone at

the contactless point-of-sale.”

Nets’ HCE and tokenisation platform

provides Nordic banks, such as those taking

part in the BOKIS partnership, with an open

and easily integrated transaction security

capability which dramatically simplifies the

process of supporting or deploying mobile

payment solutions.

The platform is based on internationally

recognised security standards and enables

banks to quickly and easily introduce HCE

and tokenisation into their own mobile

payment solutions, reducing time-to-

market and streamlining what can be a

long and complicated process.

Hans Henrik Hoffmeyer, SVP of mobile

services area in Nets, comments:

“Historically, Nets has developed and

operated the financial infrastructure

supporting and driving the Nordic banks’

payment solutions.

We have made significant investments

on behalf of our customers in becoming a

token service provider (TSP), which enables

Nets to provide the security

services that our banking

customers need to power

their future mobile

solutions and new

mobile services.

In short, we enable

banks to continue

‘business as

usual’ in the

mobile age.”


CONTACTLESS AT THE SPEED OF LIGHT

APP CHAOS AFTER APPLE’S NEW RULING UPDATE

IN THE FUTURE, consumers may be able

to make contactless payments from any

smartphone using light instead of NFC.

OPTO is a patent-pending contactless

technology, which transmits encrypted data

via colour-encoded light signals of different

frequencies to an optical reader. OPTO uses

light from the smartphone screen, which

unlike NFC is common to all smartphones.

Payment Technologies debuted a

prototype vending machine integrating

the OPTO solution at a trade fair in May.

It will start pilots of the new technology at

selected locations in September, with a full

roll-out of the technology slated for 2017.

AT THE RECENT Apple developer

conference, Apple presented the

redesigned and refreshed App Store. At the

same time Apple changed the terms and

conditions for app developers. One change

especially stands out and will/could mean

chaos for developers and users.

The addition in point 10.6 of the terms

and conditions has already started to upset

developers and app owners in Sweden in

particular, writes Lars Aase, consultant –

mobile & digital payments and VAS, Cards

and Payments Solutions AB.

This rule was to ensure that all apps

to be released in the App Store have

a general and good user experience.

The addition now stipulates that no app

is allowed that needs another app to

work. This is a challenge for popular

Swedish apps that need Swedish mobile

BankID for login/authentication and signing

of transactions.

Examples of apps that will be affected in

line with the update include super popular

mobile money transfer app Swish with

4.4 million users who transferred €1 billion

in May alone, all Swedish banks’ mobile

banking apps, all major governmental and

public services apps.

It is also worth remembering that Sweden

and the Nordics are iPhone countries with a

market share of around 50 percent.

The same goes also for neighbouring

Norway with their similar mobile BankID

app, used for login at mobile banks and

other services.

There are also strong implications for

other countries. However, following the

media backlash in Sweden, Apple seems

to have given Sweden an exception from

the new ruling on no app can be dependent

on another app to work to be approved in

Apple App Store.

The exception is for Sweden only and, it is

understood, for Mobile BankID-dependent

apps only — at least for now. It will be

interesting to see what will happen in

other markets…


NFC VS IBEACON – DIGITAL RETAIL MARKETING SPEND TO DOUBLE

NEW DATA HAS found that spend on

digital retail marketing is set to increase

from $174 billion in 2015, to $362.1

billion by 2020.

The research found that

while the digital retail

marketing industry will

continue to be dominated

by advertising revenues,

coupon contributions will

see strong growth, driven

in part by the rise of Bluetooth

iBeacons.

Beacons, which find the location of a

smart device using BLE (Bluetooth Low

Energy, or Bluetooth Smart) signals, use

transmitters to push pertinent content

and information to devices which have

their Bluetooth enabled. Several leading

US retailers have now deployed beacon

networks, with Macy’s having installed

more than 4,000 in its stores.

Significant opportunity exists: forecasts

show that almost 1.6 billion coupons will be

delivered annually to consumers via

beacon technology by 2020.

This is up from just 11 million

this year, as retailers seek

to develop proximity

marketing campaigns in

and around their stores.

“Beacons are set

to provide a boost to

retailers, as we see major

players promote instore

offers and deals through mobile

devices, targeting consumers whilst they

are shopping,” explains Lauren Foye,

Juniper Research.

“Coupled with loyalty schemes and

rewards, retailers have clear potential to

monetise those setting foot in their stores,

aiding promoting in more traditional bricks

and mortar retail.”

Successful brands will be those who

capitalise on the wealth of data available

on consumer habits and interests, leading

to the implementation of targeted

advertising.

However, taking this one step further is a shift

to hyper-personalisation: where companies

effectively create bespoke, individualised

engagement across all brand offers,

thereby reinforcing the scale of customer

loyalty. A number of retailers already utilise

this method; Netflix, for example, stated

that recommendations made via hyper-

personalisation data accounted for 60

percent of its rentals in 2014.

Other key findings include:

• Over 80 percent of all coupons issued will

be on mobile devices by 2020, as opposed to

under 20 percent on PCs & laptops.

• The impact of ad blocking technologies

will see the equivalent of almost ten percent

of global digital advertising revenues

lost by 2020.


e-commerce

ONE YEAR SINCE launch, Amazon has

expanded its Dash Button automated IoT

ordering service to more than 150 brands,

including beverage, grocery, baby, toy, pet

and household supplies brands.

Designed to prevent users from running

out of their favourite products, the Dash

Button is a small electronic device, which is

configured to order a specific product and

quantity via the user’s Amazon account.

The device is clearly branded with the

product name and designed to be fixed near

to where the product is used. Pressing the

button sends a Wi-Fi signal to the Amazon

Shopping app to automatically replenish

supplies. The user also receives a message

on their mobile phone and can cancel the

orders within a specific time window.

In the last three months, total Dash Button

orders have grown by 70 percent. For many

popular items, more than half the Amazon

orders are now made via Dash Buttons.

“Three months ago, we were excited to see

orders were occurring once a minute — now,

that rate has doubled,” said Daniel Rausch,

director of Amazon Dash.

It would be easy to be sceptical about

automated replenishment services. The

Internet of Things (IoT) seems to be inextricably

— and inexplicably — linked to various concepts

around the self-stocking refrigerator, when

clearly the potential is much greater.

Consumers are loyal to the brands that

add the most value and disrupt them

the least. Consumer-facing technology

brands, such as Amazon, have realised

this. They are adept in understanding

consumers as well as how to use

technology to deliver increased speed,

convenience, value and choice.

Amazon’s Dash Button saves users time

and hassle, especially for bulk orders of

oft-used supplies. They lock in loyalty to

Amazon and the participating brands.

And who is to say that the next Dash

Button will not go beyond the one brand

per Button, or be unbranded for users to

programme themselves?

ACCORDING TO EUROMONITOR’S data, Asia

Pacific continues to top the digital commerce

table in 2014 – 2015, with mobile retailing sales

reaching $200 billion, an increase of 113 percent.

In 2015, the region’s top 500 retailers

recorded total sales of $964 billion, declining

by five percent in current value terms due to

the strong dollar. However, Chinese companies

continued dominating the list, accounting for

33 percent of the ranking, according to the

13th ‘Retail Asia Top 500 Retailers Ranking’.

“Asia became the leader in online and

mobile commerce in 2013 – mobile retailing

in the region is two-and-a-half times larger

than that of North America, which is the

second largest market for mobile retailing,”

says Michelle Grant, head of retailing at

Euromonitor International. “It is likely that more

and more innovation in digital commerce will

come from Asia Pacific,” she added.

The ranking highlights the increasing

demand for convenience in Asia, driven

by urbanisation, smaller households and

an on-demand culture. The Philippines,

Thailand, and Vietnam were the only

countries to see all of their ranked retailers

grow in 2015.

The Retail Asia Top 500 Ranking, based

on Euromonitor International’s retailing

data, ranks the top retailers from 14 key

economies across Asia Pacific in terms of

total sales, number of outlets, sales area and

sales per square metre.

AMAZON EXPANDS DASH BUTTON ORDERING SERVICE

DIGITAL COMMERCE IN ASIA PACIFIC RECORDED 113% GROWTH IN 2015

ACCORDING TO FORRESTER Research,

US e-commerce is expected to reach $373

billion in 2016. That figure will grow to more

than $500 billion by 2020.

The study explores the drivers of online retail

sales growth in the US and the challenges the

industry faces in the years to come.

US online retail sales topped $100 billion

only in 2006, but by 2020, Forrester expects

e-commerce sales will have grown five-fold,

exceeding half a trillion dollars. Amazon is

estimated to have captured $23 billion more

in US e-commerce sales in 2015 than in 2014

(including its third-party marketplace). That

accounts for approximately 60 percent of

the total growth in US online sales in 2015,

says the report.

American online consumers stand to benefit

from shopping online with foreign merchants

because goods are less expensive, says the

report. By the same token, American online

merchants dependent on foreign shoppers

will experience a slowdown because US

goods are more expensive abroad.

Online sales grew 15.1 percent in Q1 and

accounted for 11.1 percent of retail sales

when factoring out items not normally

bought online. That is the highest

e-commerce penetration in history, as

web sales totaled $86.3 billion for the

period ended March, according to non-

adjusted estimates released by the US

Department of Commerce.

US E-COMMERCE HITS NEW RECORD OF $373 BILLION

US E-COMMERCE: 2015-2020

Year | 2015 | 2016 | 2017 | 2018 | 2019 | 2020
Retail spend (US$ billions) | $338.1 | $372.5 | $409.8 | $448.5 | $488.9 | $530.6
Online buyers (millions) | 185.8 | 189.7 | 193.7 | 197.8 | 202.0 | 206.2

Source: Forrester Research Online Retail Forecast, 2015 to 2020 (US), Q4 2015


FACEBOOK IS LAUNCHING a native store

locator where users can search for stores

around them.

This is a significant step towards

monetising its mobile platforms (i.e.

app and messenger apps) beyond

advertising and into the under-penetrated

on-demand/mobile payment space.

Given that Facebook is already testing

payments in its messenger where users

can book Uber, it comes as no surprise

that Facebook is testing a store locator so

it can strengthen its relationships with the

offline merchants by providing a robust

targeted location-based ad platform and

drive payment revenue.

Because Facebook is facing a maturing

North American market in terms of

user base and the need to exploit

alternative revenue sources beyond

social media advertising, local advertising,

e-commerce and payments are the ideal

drivers in the developed market.

Long-term implications could be expansion

of this platform to international markets,

thereby allowing Facebook to become a

more relevant player in the internet finance

space. The recent introduction of the store

locator positions the company for the

imminent online-to-offline (O2O) growth. This data is very

useful to advertisers because it allows them

to have a clear idea on how their ad budget

is driving in-store purchases and traffic.

Given that 90 percent of retail

sales occur in stores, this is certainly an

important tool for merchants given that

Facebook will have all the key data such as

user interest, shopping pattern and traffic

routine. The service will be rolled out in the

next few months and will address a key

barrier that many businesses have on ad

buying, making Facebook an even more

powerful ad platform for local businesses.

"The shift to mobile [usage] is the biggest

shift we are seeing in retail. In many ways,

mobile is as disruptive to e-commerce

as e-commerce was to traditional retail,

and many retailers still don’t know how

big of an impact it’s having," says Martin

Harbech, head of e-commerce and retail,

Facebook.

"The discovery of product often

happens on mobile. People discover new

content all day, every day, on Facebook

and Instagram and that includes products.

Retailers need to understand how people

discover their products and why they end

up buying them."

FACEBOOK BUILDING UP ITS PAYMENT NETWORK

e-commerce


THE ENTERPRISE POINT of sale is

changing. It is becoming increasingly

mobile and payment is being integrated

together with other functionality.

One of the new breed of mobile payment

tablets is Albert, launched by AEVI in

Australia last year. AEVI, a subsidiary of

Wincor Nixdorf AG, jointly developed the

tablet with the Commonwealth Bank of

Australia and design company IDEO.

Part of the genius suite of terminals and

named after Albert Einstein, the Albert

tablet includes a card reader, receipt

printer and module to encrypt touchscreen

PIN entry. It was the first PCI-certified

touchscreen payment terminal.

PIN ON GLASS

PIN on glass, or PIN entry on a touchscreen,

has been a technical challenge within the

industry for some while. Mobile point of

sale (mPOS) solutions typically circumvent

this by pairing a mobile phone with a

hardware accessory via a physical or

wireless connection.

Consumers enter their PINs on the

mPOS hardware accessory, which

encrypts all card data to pass on to the

merchant’s mobile device. This helps to

keep the costs of card acceptance for

small merchants down, and does not

require any hardening of security on

the mass market consumer devices that

merchants may own.

PIN entry on a touchscreen has been

possible for some time, according to

Jeremy King, international director,

Payment Card Industry Security

Standards Council (PCI SSC). “However

this is PIN entry into a PTS-approved

(PIN transaction security) device, which

includes a security assessment of the

actual touchscreen, and the methods

used for translating the touchscreen into

PIN digits,” said King.

“The PCI PTS evaluation programme is a

thorough security evaluation of the point

of interaction (POI) device. This assesses

the physical security, logical security as

well as additional testing on specific items,

such as the secure read and exchange

of data (SRED), used during point to point

encryption,” continues King.

In conversation with PCM, Peter Spee,

director, platform business and business

development, AEVI explained how

Albert was approved for PIN entry on a

touchscreen.

“We have modified the Android kernels

as well as the entire Android stack to

increase its security. This includes the

handling of data, access to data storage

and networking capabilities to ensure that

whenever data is managed on the Albert

device and its hardened environment,

there is no possibility for any third party to

access the secure layer to obtain sensitive

data,” he said.

“Additionally, the hardening of the

Android device comes with monitoring

capabilities for our customers. This allows

them to ensure that the security of the

device is updated automatically in the case

of new vulnerabilities. We can also secure

the devices, disable access, networking

connectivity and so on.”

“All these things are under the umbrella

of hardening. Consumer devices do not

have this entirely. They are open and

when they connect to a WiFi access point,

this exposes them to all sorts of threats.”

ACCESSIBILITY FOR BLIND AND PARTIALLY-SIGHTED PEOPLE

How does PIN entry on a touchscreen work

for blind and partially-sighted people? A

traditional PIN pad has raised buttons and

a tactile element, usually on the middle

button ‘5’. A blind or partially-sighted

person can recognise the other digits from

this centre position.

“We have simulated this on glass. As

soon as the blind or partially-sighted

person touches the Albert when in

accessibility mode, this will be considered

the centre position. By swiping the screen

from that centre position, they can enter

their PIN,” said Spee.

This patented PIN entry method based on

swipe motions conforms to accessibility laws

in Australia and Germany. It is undergoing

accessibility testing in other markets.

ALBERT GOES GLOBAL

After a six-month pilot, the Commonwealth

Bank of Australia launched the Albert tablet

and the open-source app marketplace in

March 2015. Close to 37,000 devices have

been deployed so far.

AEVI has recently confirmed strategic

partnerships with Wirecard and Evo

Payments International to roll out Albert

terminals in Europe.

Work is underway on US roll outs.

“We are planning major activity in the

US because we believe that Albert will

only be global, if we are successful in

the US and have a marketshare there,”

concluded Spee.

NEXT GENERATION PAYMENT TABLETS LAUNCHED

pos terminals


products

SANTANDER UK HAS announced that it is

experimenting with international Blockchain

payments. The lender is allowing transfers

of between £10 and £10,000 in any of

three currencies (GBP, EUR or USD) on the

Blockchain via a mobile app.

Once the app is downloaded, users

complete a profile and can make payments

via Apple Pay. Payments are confirmed

using Apple’s Touch ID and funds appear

in the recipient’s account the next

working day.

The Blockchain technology underpinning

the app is provided by Ripple, a provider of

global financial settlement technology.

Santander InnoVentures, Santander’s

FinTech venture capital fund, invested an

estimated $4 million in Ripple’s Series A

funding round in October 2015.

Speaking at the time of the investment,

Mariano Belinky, managing partner,

Santander InnoVentures said: “Santander

has long been an advocate for modernising

banking infrastructure. In our recent

FinTech 2.0 report, we highlighted the

$20 billion opportunity available to the

financial services industry, and many of

the scenarios where distributed ledger

technology will have a positive impact.”

Ripple provides solutions to enable the

secure transfer of funds in any currency in

real time. Financial institutions use Ripple

and the Ripple protocol as an alternative to

correspondent banking. The decentralised,

distributed ledger allows users to post bids

or offers into aggregated global order

books, and the Ripple protocol finds the

most efficient path to match trades.

Santander is currently piloting

international Blockchain payments with

staff, with the intention of expanding the

technology at a later date.

SANTANDER STARTS BLOCKCHAIN TRANSFERS

ACI WORLDWIDE IS consolidating its

recent e-commerce acquisitions with the

launch of an SaaS-based e-commerce

payments solution.

Historically strong in the face-to-face retail

environment, ACI acquired e-commerce

fraud detection and prevention company

Retail Decisions (ReD) in 2014, and Munich-

based payment gateway PAY.ON last year.

The new SaaS solution helps merchants

expand globally by overcoming the twin

challenges of accepting locally-preferred

payment methods, and processing cross-

border payments on legacy infrastructure.

It includes plug-ins to major online

shopping carts and payment methods,

real-time fraud prevention, global

coverage and open platform technology

based on RESTful APIs.

“Because today’s consumers are

dynamic and demanding, merchants

are under ever-increasing pressure to

deliver optimal customer experience or

risk customer attrition. To succeed and

gain marketshare, merchants must make

payments a seamless part of the consumer

experience. UP eCommerce Payments

makes e-commerce simple, global and

secure,” said Mike Braatz, chief product

officer, ACI Worldwide.

AMERICAN EXPRESS HAS announced

the availability of Amex Quick Chip, a

technology that enables merchants to

provide a more seamless experience at

the point of sale for cardholders when they

pay with their EMV chip cards.

Amex Quick Chip is available to merchant

processors, which may deploy the service

to interested US merchants through a

software update to the merchants’ EMV-

enabled payment terminals. This provides

another option for merchants in industries

where having a fast check-out process is

especially important.

EMV technology reduces the risk of fraud

stemming from counterfeit payment cards by

storing information on a microprocessor chip

embedded in a card. Cardholders dip or insert

their EMV cards into a merchant’s payment

terminal instead of swiping their cards.

With Amex Quick Chip, cardholders

can dip their card during the check-

out process and remove it before the

transaction is completed. This can reduce

the time cardholders must keep their

cards inserted in the terminal, providing an

experience similar to swiping a magnetic

stripe card and enabling merchants to

streamline the checkout experience.

Importantly, Amex Quick Chip continues to

offer the same protection against counterfeit

cards that traditional chip cards do.

“Reducing friction for Card Members

and merchants is a key priority for

American Express,” said Mike Matan,

Vice President, Global Network Business,

American Express. “Amex Quick Chip

provides merchants operating in industries

where fast checkout speed is critical with

an option for ensuring cardholders can

quickly and efficiently pay for purchases

with their EMV chip cards.”

Amex Quick Chip is compatible with the

technical standards used in Quick Chip

services offered by other payment networks,

enabling processors and their merchants to

easily implement these solutions across all

card brands that they accept.

Amex Quick Chip is currently available

to processors, merchants and vendors in

the US.

ACI CONSOLIDATES ACQUISITIONS WITH E-COMMERCE LAUNCH

AMEX LAUNCHES QUICK CHIP FOR EMV CARD TRANSACTIONS AT POS


contracts

VOCALINK, THE BRITISH operator of the

Faster Payments service, has announced a

five-year deal with UnionPay International

to enable UnionPay cardholders to

access ATMs across Europe and the UK.

Under the deal, VocaLink will provide

ATM transaction processing and UnionPay

sponsored access.

With around 5.4 billion cards in

circulation, more than one-in-two (53

percent) bankcards issued globally is a

UnionPay card, according to recent Nilson

Report figures. The average value of a

UnionPay card withdrawal from a UK ATM

is five times higher than the average UK

domestic card withdrawal, VocaLink says.

The Chinese tourist market is growing

— around 117 million Chinese travelled

abroad in 2014, spending around $165

billion. Tourist numbers are forecast

to increase to 234 million by 2020,

according to the United Nations World

Tourism Organisation.

“This partnership represents a significant

milestone in our goal to increase access

to UnionPay cards internationally,” said

Wei Zhihong, general manager, UnionPay

International Europe.

PRIVATE EQUITY FIRMS Advent

International, Bain Capital and Clessidra

have acquired Setefi Services and Intesa

Sanpaolo Card from Intesa Sanpaolo for

€1,035 million.

Commenting on the announcement,

Luca Bassi, managing director, Bain

Capital Private Equity, said, “This

transaction is strategically important as

it adds Italy’s leading commercial bank

to our customer portfolio and gives us

exciting capabilities to increase services

and innovation across customers of both

ICBPI and ISP Processing.”

The transaction is expected to be

financed by a combination of debt

and equity financing arranged by the

shareholders. The deal is subject to

regulatory approval and is expected to

close by the end of 2016.

Advent International and Bain Capital

own the Nordic processing company Nets

and remain the two largest shareholders

in Worldpay.

FIME, A CERTIFICATION and testing

company, has been acquired from

Orange by independent investment

firm Chequers Capital for an

undisclosed amount.

“FIME is operating in markets that

are experiencing major changes due

to technological developments. This is

happening in our core payments markets,

as well as in new areas of development,

such as machine to machine and Internet

of Things. To continue our sustained

growth in this context, FIME will invest in

R&D and further international expansion,”

commented Pascal Le Ray, CEO, FIME.

FIME’s management structure and

500-strong team across its seven

locations will remain unchanged.

GLOBAL BLUE, A Swiss-based tourist tax

refund company, has acquired Australian

firm Currency Select from Travelex for

A$65 million.

Currency Select was a standalone

subsidiary of the Travelex

Group, specialising in dynamic

currency conversion (DCC), multi-

currency processing and payment

card acceptance.

The acquisition allows Global Blue to

expand its DCC offering across eight new

markets in the Asia Pacific and Middle

East regions.

ADVENT AND BAIN MAKE ITALIAN ACQUISITION

FIME ACQUIRED BY CHEQUERS CAPITAL

GLOBAL BLUE BUYS DCC FIRM CURRENCY SELECT

VOCALINK IN UNIONPAY ATM TIE-UP

AMEX UPDATE US FRAUD POLICIES

In an effort to promote further adoption of EMV in the US, American Express announced changes to its EMV chargeback policy to help merchants limit their fraud costs as they upgrade their POS systems.

By the end of August 2016, merchants will not be held liable for chargebacks for counterfeit fraud when a transaction is under $25. In addition, by the end of 2016 American Express also plans to limit the number of counterfeit fraud chargebacks to a total of ten per card account. The card issuer – not the merchant – will bear the financial liability for any additional counterfeit fraud transaction that is disputed on a card account after ten chargebacks. This limit does not prevent a cardholder from disputing additional fraudulent transactions.

“Combating fraud is an ongoing priority for American Express,” said Mike Matan, Vice President, Global Network Business, American Express. “We recognise the migration to EMV in the US is an effort that will take time, which is why we are making these policy changes in order to provide flexibility to those merchants that may need more time to upgrade their point-of-sale terminals to accept EMV chip cards.”

The changes announced today by American Express will remain in effect until April 2018. The changes are expected to help reduce counterfeit fraud costs for merchants who have not yet upgraded their point-of-sale terminals to accept EMV chip cards. Analysis by American Express found that more than 40 percent of its counterfeit fraud chargebacks in the US are for transactions under $25.


conferences

PayExpo Europe 2016

Nearly 2,300 delegates from 850 organisations across 52 countries attended PayExpo Europe 2016 at London’s Excel on 7-8 June, making the event 25 percent larger than last year. As well as plenary sessions, the event featured content streams dedicated to security, authentication and biometrics; the future of banking; connected commerce, and analytics, loyalty and localisation.

The conference saw the return of the Dragon’s Den. Four start-ups pitched their

business ideas to a panel of on-stage inquisitors and the audience. They included Divido

which aims to make point-of-sale instalments simple and paperless. PayKey bridges

social networks and banking via a keyboard app integrating payment functionality.

Multisense has developed a patent-pending face and finger pulse biometric platform.

And Coinsecure is connecting India to Bitcoin. The competition was won by Divido.

Elsewhere the boxing gloves were on for Payments Punch-Ups. There was fighting talk

in the ring as contestants argued about the move to a cashless society, social networks

for payments, banning non-KYC prepaid cards, among other hotly contested topics.

Forthcoming PayExpo events confirmed include:

PayExpo MENA 2016, Dubai, 5-7 December 2016

PayExpo Americas 2017, Mexico City, 7-8 March 2017

PayExpo Europe 2017, London, 23-24 May 2017


Conference diary

eCommerce 360 Europe, 7-8 September, London, www.wplgroup.com/aci/event/ecommerce-360-europe/

RegTech Summit, 13-14 September, London, www.regtech-summit.com/

Mobile Banking & Payments USA, 26-27 September, New York, openmobilemedia.com/mobile-banking-and-payments-usa/

BAI Retail Delivery, 5-7 October, Chicago, www.bai.org

Money2020, 23-26 October, Las Vegas, www.money2020.com

The Future of Nordic Banking, 2-3 November, Copenhagen, www.marketforce.eu.com/events/banking/nordic-banking

Cards & Payments Innovation Europe, 8-9 November, Madrid, www.marketforce.eu.com/events/cards-payments-innovation-europe

Digital Banking Innovation Summit, 15-16 November, Prague, www.marketforce.eu.com/banking/payments-innovation-europe

Trustech 2016, 29 November-1 December, Cannes, www.trustech-event.com

The Future of Retail Banking, 29 November-1 December, London, www.marketforce.eu.com/banking/retail-banking
