tim sloane preparing for rapid payments innovation

1

Preparing For Rapid Payments Innovation.

2

Tim SloaneVice President, Payments Innovation

3

Forecast Apple PayVolume Based on Adoption Model

Source: Mercator

Apple Pay: Off & Running

4

Android:Waiting in the Wings

• Multiple hardware device implementations• Multiple versions of OS

– Android One– AOSP

• Microsoft / Cyanogen

• 40 Apple iPhone Variations, 90,000+ Android Variations• Google Wallet V1, Google Pay, Samsung Pay …….

5

Android Devices - 2013

Source: OpenSignal

6

Android OS Versions - 2015

Source: OpenSignal

7

APPLE PAYOperation

Apple Wallet Implementation

Branded Network Network BrandedIssuer

Merchant Acquirer

TOKENTOKEN

PAN

TOKEN

Lookup PANAuth Request w/TOKEN Auth Request w/PAN

1

2

45

6 7 8

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

3

1) iTunes user provides card number (PAN) to iTunes.2) Apple forwards request to enable Apple Pay to the bank that owns the card for permission.3) When bank approves the request, the PAN is communicated to the appropriate network for token generation4) Network and Apple insert token into Secure Element of device5) Consumer presents Apple Pay device to POS using Touch ID6) Token and other payment relevant data are sent to the POS, which forwards via acquirer to the network7) Network receives token and looks up PAN. PAN is inserted into the authorization request and sent to the issuer8) Issuer receives the authorization request and approves or denies the transaction. (Note that several special fields are in the authorization request and other activities not described here (such as provisioning NFC device)

= NFC

8

APPLE PAYOperation

Apple Wallet Implementation


Merchant Acquirer

TOKENTOKEN

PAN

TOKEN


1

2

45

6 7 8

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

PAN

3

1) iTunes user provides card number (PAN) to iTunes.2) Apple forwards request to enable Apple Pay to the bank that owns the card for permission.3) When bank approves the request, the PAN is communicated to the appropriate network for token generation4) Network and Apple insert token into Secure Element of device5) Consumer presents Apple Pay device to POS using Touch ID6) Token and other payment relevant data are sent to the POS, which forwards via acquirer to the network7) Network receives token and looks up PAN. PAN is inserted into the authorization request and sent to the issuer8) Issuer receives the authorization request and approves or denies the transaction. (Note that several special fields are in the authorization request and other activities not described here (such as provisioning NFC device)

= NFC

9

APPLE PAY is PROPRIETARY • Few networks have access to

Apple Provisioning function • Provisioning is contractually coupled

to compensation & settlement• Tokens alter how merchants find &

use alternate networks• Tokens alter merchants back end

processes (disputes/returns/etc.) • EFT networks must share transactional

data with MC/V to participate• No solution exists to enable Bank

Mobile Apps or ATM access

10

EMVCo HCE SUPPORT

1) Multiple Mobile Environments2) Each with unique security capabilities3) Each with unique identity support4) HCE cloud (Open to Buy Limits / One Time Use Tokens.2) Apple forwards request to enable Apple Pay to the bank that owns the card for permission.3) When bank approves the request, the PAN is communicated to the appropriate network for token generation4) Network and Apple insert token into Secure Element of device5) Consumer presents Apple Pay device to POS using Touch ID6) Token and other payment relevant data are sent to the POS, which forwards via acquirer to the network7) Network receives token and looks up PAN. PAN is inserted into the authorization request and sent to the issuer8) Issuer receives the authorization request and approves or denies the transaction. (Note that several special fields are in the authorization request and other activities not described here (such as provisioning NFC device)

5


Merchant Acquirer

TOKENTOKEN

PAN


1

2

45

6 7 8

3

SE

HCE & DF

HCE & DF & Bio

ID&V Method 1

ID&V Method 2

ID&V Method 3

Token Service Provider(TSP)

Softcard

Google

Google/Samsung

11

Tokenization Challenges:• What will be the long term fee structure?• How will EFT networks participate?• What is the role of issuing processors?• How will credentials be passed to ATM or is alternate needed?• How and when will the bank app be payment enabled?• Token Value prop in Mobile Apps is weak.

– Card on File preferred by most merchants• Merchants question Tokenization Durbin Compliance.• Is Apple A Good Long Term Strategic Partner?• How is a portfolio switched when Token Vault is held by the network?

12

Too many stove pipe solutions

BANK NETWORK& APP CHALLENGES

M-AppM-Browser

Banking AppRDC, Etc. EFT PIN

P2P

mPOS

Bank Solutions, MC/V Solutions,

EFT Solutions, Mobile Apps, ID Social, Cloud…

13

Innovation will surroundthe Payment utilizing m-POS and Smart Apps

mPOS WILL DRIVECHANGE & COMPLEXITY

14

• New Data Types• New Transaction Types• New Network Interactions• New Networks (e.g. MCX)

Innovation will surroundthe Payment utilizing m-POS and Smart Apps

mPOS WILL DRIVECHANGE & COMPLEXITY

15

New methods of Identity Verification combined with a complex mobile platform (hardware, OS, multiple comms carriers in both the handset and the POS) all riddled with vulnerabilities, makes a payments platform only a entrepreneur can love.

INNOVATION ONMOBILE HAS ITS RISKS

- Credentials in memory- Credentials on file system- Data stored on file system- Poor cert. Management- Etc.

- Clear text credentials- Clear text data- Backdoor data- Data leakage- Etc.

- SQL Injection- Cross Site Scripting- Local File Inclusion- Authentication- Etc.

Client Network Server

16







Remember this?

17







Remember this?

PATCHPROCESS

18

COMPETITIVEREVIEW

Apple Must deliver more value to merchants. Expect loyalty & BLE innovation as mechanism to

engage consumer and pass credentials at POS. Passbook gets interesting. Google / Softcard Technology

Softcard technology isn’t what Google needs, it needs low cost access to the SE by MNOs. It is unclear what business model networks will adopt to enable Google Wallet. Google must change existing pooled account model to encourages bank participation.

MCX / CurrentC Introduces a cross merchant loyalty agent that lowers payment costs for merchants.

MCX isn’t impacted by card networks, it lives or dies on its own ability to execute. PayPal / Paydiant

Current services implemented using private acquiring infrastructure and merchant relationship slows deployment. PayPal needs greater merchant adoption before Apple, and must implement a business model that drives bank participation.

Financial Institutions FIs promoted Apple Pay to gain top of wallet without knowing Apple’s or Networks long

term strategy. Without Android, banks can’t satisfy customers and can’t enable existing bank apps. Networks create new revenue source from issuers and protect market.

Samsung / LoopPay Will a smaller LoopPay still be effective? Is interim solution likely to cause problems at

POS? Unclear how Samsung will drive adoption by banks or what business model Networks will implement.

19

INNOVATORSAPPROACHING FROM ALLDIRECTIONS• Deliver engaging and complete

financial services to your customers.

• Review adjacent markets that add value or threaten your value proposition.

• Acquire partnerships and technologies that strengthen your value proposition and level of customer engagement.

• If you don’t others will!

20

Tim SloaneMercator Advisory [email protected]

tim sloane preparing for rapid payments innovation

Economy & Finance