COVER STORY: ROLLING THE DICE - Payments Cards & Mobile

COVER STORY:

ROLLING THE DICECYBERCRIME - INSIDE THE MIND OF THE HACKER

ALSO FEATURED:

REGTECH - REGULATION, REGULATION EVERYWHERE

July / August 2017

RS2.COM

IssuingClearing & SettlementAcquiringGeneral Ledger & AccountingSwitchDispute ManagementE-Wallet

Agent PortalIso-ProcessingIssuing ServicesGlobal AcquiringRouting & SwitchingClearing & SettlementInterchange OptimisationChargeback & Dispute HandlingMerchant PortalMerchant Reward (Loyalty / Cash Back / Discount)

Payment Facilitator

Email: [email protected]

Keep your business a step ahead through our softwareintegration

All rights reserved. No part of the publication may be reproduced or transmitted in any form without the publisher’s prior consent. While every care is taken to provide accurate information, the publisher cannot accept liability for errors or omissions, no matter how caused.

© PaymentsCM LLP 2017 Payment Cards and Mobile™ is owned and published by PaymentsCM LLP ISSN 1759-829X

Payments Cards and MobileThe Stable, Hall Yard, KellingHolt, NR25 7EW, United Kingdom+44 1263 711800 / paymentscm.com

Volume 9, Issue 4July / August 2017

Editorial Advisory Board

Production TeamAlexander Rolfe Editor-in-chief and publisher Tel (+44) 1263 711 800 [email protected]

Joyrene ThomasStaff Writer Tel (+44) 1263 711 800 [email protected]

Wendy Sanders Head of Business Development Tel (+44) 1263 711 801 [email protected]

Gemma RolfeGeneral Manager Tel (+44) 1263 711 800 [email protected]

Gemma Haywood Subscriptions and General Tel (+44) 1263 711 800 [email protected]

Adam Unsworth Graphic Design Tel (+44) [email protected]

Printing Micropress Printers

John BernsManaging Partner, Accourt

Sylvie Boucheron-Saunier SVP Financial Institutions, North America & Europe, ACI

Robert Courtneidge Global Head of Cards and Payments, Locke Lord

June Felix President – Europe, Verifone

Denise Gee Director, Magna Carta

Simon HardieDirector, Magna Carta

PaymentsCARDS & MOBILE

PAYMENTS INDUSTRY INTELLIGENCE

“Money never sleeps” or so the saying goes. Seemingly, neither does the payments industry.

As we head full speed into the holiday season, the usual downing of tools does not seem much in evidence in 2017.

Summer is traditionally a time when people splurge their hard-earned cash. This is certainly true in the online gambling world. Just as the house always wins, so do the processors and acquiring banks, or so it seems. In this issue, we take a look at why gambling is still viewed as high risk. In a regulated environment with solid KYC requirements, should it still fall into this category?

FinTech has existed and been written about for more than a decade. It has been the driving force behind some of the extremely positive changes seen within the financial services industry. RegTech is the new player in town. We consider what RegTech actually is and how it is helping financial service providers and end-customers in an ever-changingregulatory environment.

When it comes to cyber security, I think as an industry we are very happy to point the finger at how easy some breaches have been, and how slow the admissions have been afterwards. But what about the hackers themselves? What drives them and how do they select their targets?

Finally, whether you are heading for sunnier climes or simply downing tools for a few weeks, PCM wishes you all the best for the summer.

Alexander Rolfe,

Editor-in-chief and publisher, Payments Cards & Mobile

AlexRolfe

RS2.COM

IssuingClearing & SettlementAcquiringGeneral Ledger & AccountingSwitchDispute ManagementE-Wallet

Agent PortalIso-ProcessingIssuing ServicesGlobal AcquiringRouting & SwitchingClearing & SettlementInterchange OptimisationChargeback & Dispute HandlingMerchant PortalMerchant Reward (Loyalty / Cash Back / Discount)

Payment Facilitator

Email: [email protected]

Keep your business a step ahead through our softwareintegration

contents

www.paymentscm.com4

06 - 07 PAYMENTS NEWS

NEWS IN BRIEF All the latest news from the past 60 days

08 - 09 CARD NOTES

THE DEATH OF THE PASSWORD?Passwords are no longer passing muster as a security or authentication method. The problem is quantity as much as quality. The average number of passwords registered to a single e-mail address is 130, according to password management company Dashlane.

EUROPE CLIMBS IN PAYMENTS INNOVATION RANKINGSWhile Asia remains home to most payments innovation, Europe has leapfrogged Africa, North America and Latin America into second place, findings from the Global Payments Innovation Jury Report 2017 reveal.

22 RISK & COMPLIANCE

GDPR: LESS THAN A YEAR TO GO AND COUNTINGWith the 25 May 2018 deadline for the European General Data Protection Regulation (GDPR) looming large, PCM considers the background, content and opportunities of the new regulation.

23 ISSUING & ACQUIRING

IMPACT OF THE INTERCHANGE FEE REGULATION 18 MONTHS ONIt is now almost 18 months since the introduction of the Interchange Fee Regulation (IFR). This covered a good deal more than the interchange fee caps and included substantial changes to the business rules for card acceptance and processing frameworks.

24 MOBILE PAYMENTS

US BANKS TAKE THE P2P FIGHT TO SILICON VALLEY RIVALSMore than 30 US banks and credit unions unveiled a unified person-to-person money transfer service in mid-June. Known as Zelle, the service covers around 86 million US mobile-banking customers and competes head-on with rivals such as Venmo from PayPal and Apple Pay from Apple.

P2P BECOMING THE NEW SOCIAL NORM IN THE USThe latest Bank of America Trends in Consumer Mobility Report found that P2P is quickly becoming the new social norm, as 36 percent of adults currently use the service, with millennials leading the charge at nearly double that rate (62 percent).

25 CONTACTLESS

UK: CONTACTLESS CARDS SET TO OVERTAKE CASH IN 2018Rapid growth in the use of contactless cards means cash will be overtaken as Britain’s most frequently used payment method by the end of 2018, according to a new report.

APPLE AND VISA HIT WITH APPLE PAY PATENT INFRINGEMENT LAWSUITApple and Visa have been hit with an Apple Pay patent infringement lawsuit by Universal Secure Registry (USR), a small US company, that alleges their mobile payment partnership infringes four of its patents.

26 POS TERMINALS

CONSUMERS STILL LOVE CASH AS ATM TURNS 501967: Ronald Reagan was inaugurated as governor of California, Elvis Presley married and the UK entered negotiations for membership of the European Economic Community. It was also the year that the first ATM was installed at a Barclays Bank in Enfield, north London. This ushered in not only convenient 24-hour cash access, but also a new way of interacting with banks and technology.

payments cards & mobile | July / August 2017

10-12 COVER STORY:

ROLLING THE DICEAcquiring gambling merchants is high risk. Or at least this always used to be the case. But in a regulated industry quick to adopt new technology, where the house always wins, how high risk is acquiring gambling merchants nowadays?

27 E-COMMERCE

PSD2 DRIVES A 37 PERCENT DECLINE IN ONLINE CARD VOLUMESA new study from Ovum, has attempted for the first time to quantify the detrimental effect instant payments and PSD2 will have on traditional credit and debit card payments.

ONLINE CARD SPENDING TO DOUBLE BY 2021 Global Payment Cards Data and Forecasts to 2021, an annual survey of the global payment cards sector, reveals that the value of e-commerce card payments made worldwide grew by 26 percent during 2015 to reach $2.7 trillion, and represented 12 percent of all card expenditure.

28 PRODUCTS

AMAZON CHALLENGES BANKS IN BUSINESS LOAN MARKETIt started with book publishing before moving to grocery retail, delivery, music streaming and television. The next industry Amazon has in its disruptive sights is banking. The Seattle-based behemoth has lent more than $1 billion to small businesses in the last year, according to a media statement.

INGENICO ANNOUNCE PSD2-COMPLIANT SOLUTION FOR MARKETPLACESIngenico ePayments, the online and mobile commerce division of Ingenico Group, has launched a new PSD2-compliant payment solution designed specifically for online marketplace operators.

LG LAUNCHES DELAYED MOBILE PAYMENT SYSTEM LG PAYLG managed to launch its heavily delayed mobile payment service dubbed LG Pay on 2 June. The digital wallet competes with look-alike wallet offerings from Samsung Pay and Apple Pay.

29 CONTRACTS

VANTIV AGREES WORLDPAY PURCHASE IN £9 BILLION DEALWorldpay has agreed a £9.1 billion deal to be acquired by US rival Vantiv, which sent shares in the company tumbling sharply.

VISA COMMITS TO STRATEGIC INVESTMENT IN KLARNAVisa and Klarna announced they have reached an agreement for Visa to invest in Klarna, and intend to develop a future strategic partnership.

NATIONAL MOBILE WALLET SERVICE LAUNCHES IN UAEThe first nationally sanctioned mobile wallet solution for the United Arab Emirates has been launched. Emcredit, a fully owned subsidiary of the Dubai Economy, will launch empay, a secure mobile wallet and payment platform that offers all United Arab Emirates residents the ability to easily pay for a wide variety of goods and services using smart wearable technology or multi-functional devices.

30 CONFERENCES MONEY2020 EUROPE Money2020 Europe, held in Copenhagen 26-28 June, was again a great success, covering payments and financial services from core services to FinTech. Presentations included those from senior executives of well-known global companies to smaller, but equally interesting, businesses.

NEXT EVENTS

SEAMLESS PAYMENTS EAST AFRICA6-7 September, Nairobiwww.terrapinn.com/exhibition/seamless-east-africa

THE FUTURE OF LENDING19 September, Londonwww.marketforce.eu.com/events/financial-services/future-of-lending

SEAMLESS PAYMENTS VIETNAM6-7 September, Ho Chi Minh Citywww.terrapinn.com/exhibition/seamless-vietnam/

RESTAURANT TECH LIVEBAR TECH LIVE HOTEL TECH LIVE26-27 September, Londonwww.restaurantbusinessshow.co.uk

PAYEXPO EUROPE4-5 October, Londonwww.payexpo.com/europe

SHOPTALK EUROPE9-11 October, Copenhagenshoptalkeurope.com/

contents

www.paymentscm.com 5

ALERTS

RISKMANAGEMENT

POLICY AND PROCEDURES

LIBRARY

TRADEBLOTTER

PEACE OF MIND

ANNUAL REVIEW& TESTING

ATTESTATIONS

REGULATORS

COMPLIANCE

BUSINESSOPERATIONS

14-16 REGTECH: REGULATION, REGULATION EVERYWHERE

18-19 CYBERCRIME:

INSIDE THE MIND OF THE HACKER


news in brief

www.paymentscm.com6 payments cards & mobile | July / August 2017

CARDHOLDERS FROM the Chinese mainland using ATMs in Macau will now have to do more than enter their PIN to get at their cash. They will also have to scan their identity card and take a selfie. The introduction of facial recognition technology at 834 machines with ‘KYC ATM’ logos is part of a government crackdown to halt capital outflows from mainland China. This topped $816 billion last year, according to data compiled by Bloomberg. The Monetary Authority of Macau requested banks that have installed ATMs without “know-your-customer techniques” to suspend cash withdrawals to China UnionPay cardholders from the mainland. Macao residents and other overseas cardholders are unaffected.

SWIFT SAYS that it has signed an additional 22 banks to its Blockchain proof of concept (PoC).The project is designed to determine if Blockchain technology can help banks reconcile their international nostro accounts in real time and is part of Swift’s Global Payments Innovation (GPI). “Collaboration is the cornerstone of innovation,” says Wim Raymaekers, head of banking markets and GPI at Swift. “This new group of banks allows us to greatly extend the scope of multilateral testing of the Blockchain application and thus add considerable weight to the findings. We warmly welcome the new banks and look forward to their insights.”

FOLLOWING APPROVAL by the Reserve Bank of India, digital payments and e-commerce company Paytm has launched a payments bank. Paytm said all active wallet accounts on its payment app would be transferred to the payment bank, although users could opt out. With almost 218 million wallet accounts, Paytm has big ambitions. “We aim to become the preferred bank for 500 million Indians by 2020,” said CEO Renu Satti. The launch comes hard on the heels of a $1.4 billion investment from Japanese telecoms group Softbank, giving Paytm a valuation of around $7 billion.

THE NUMBER of EMV chip cards in circulation worldwide has increased 1.3 billion in the last 12 months to a total of 6.1 billion, according to the latest EMVCo figures. More than half of all card transactions undertaken face-to-face globally between January and December 2016 used EMV chip technology, up from 35 percent for the same period in 2015. The US and Asia demonstrated notable increases as they continued their EMV migrations. To qualify as an EMV transaction, both the card and terminal must be EMV-enabled.

THE SAGE Group is to sell its North American payment processing and acquiring operation to private equity firm GTCR for $260 million. Sage Payment Solutions provides credit card, automated clearing house, cheque, gift and loyalty card processing services to SMEs in the US and Canada. GTCR has committed up to $350 million of equity capital to the platform. Under the deal, SPS will be the preferred provider of merchant processing services to Sage clients in the US. The transaction is subject to customary closing conditions and is expected to complete in the third quarter.

TRANSFERWISE, THE money transfer company, best known for its bank-bashing adverts is now offering banking services. According to its website, the Borderless account allows customers to send, receive and organise their money “without crazy fees or even-crazier exchange rates — just a small, fair charge when money moves between currencies.” Initially open to small businesses, sole traders and freelancers in Europe, the UK and US, TransferWise plans to expand the service to consumers later this year. Meanwhile, Klarna, best known for its instalment and ‘buy now, pay later’ digital invoicing products, has been granted a full banking licence by the Swedish financial supervisory authority. Klarna valued at $2.5 billion in 2015 is expected to offer payment cards and current accounts.

US FINANCIAL technology provider Fiserv is to buy beleaguered British firm Monitise for £70 million ($88.72 million). The 2.9p per share offer in cash is far below the 80p level at which Monitise traded in 2014, when it seemed to be on the cusp of becoming a major mobile payment technology player. The company has faced increased competition from free mobile payment systems, changed management repeatedly and issued revenue warnings. For the year to June 2016, Monitise posted a pre-tax loss of £243 million.

THE BERLIN Group is to create an open, common and harmonised API standard to enable third party providers (TPPs) to access bank accounts under PSD2. The Group, which first met in Berlin in 2004, comprises banks, banking and payment associations, national and international payment schemes, and interbank processors working in the SEPA region. Built as an access to account framework, the standard will offer operational rules and implementation guidelines with detailed data definitions, message modelling and information flows based on RESTful API methodology. The Group plans to publish the full detailed standard in the fourth quarter of 2017.

FOLLOWING A review in December 2016, the UK payment systems regulator (PSR) has published its final decision on UK payment systems infrastructure reforms. The industry must undertake a competitive procurement process for further central infrastructure contracts, and adopt a common international messaging standard for Bacs and Faster Payments. The PSR also believes that Mastercard’s recent acquisition of payments infrastructure provider, Vocalink, will address issues around ownership and the level of competition in the market.

PCM DAILY NEWS FEED

Get the latest payment news in your inboxSUBSCRIBE ONLINE NOW AT WWW.PAYMENTSCM.COM

news in brief

www.paymentscm.com 7payments cards & mobile | July / August 2017

PCM DAILY NEWS FEED

Insight is everythingIn-depth analysis, industry snapshots, news in brief and authoritative features. Payments Cards & Mobile's authoritative editorial coverage separates the hype from the happening within the payment cards and mobile payment industry.

Subscribe now

paymentscm.com



A CONSORTIUM of seven of Europe’s largest banks is stepping up efforts to build a Blockchain-based trade finance platform. The Digital Trade Chain Consortium, comprising Deutsche Bank, HSBC, KBC, Natixis, Rabobank, Société Générale and Unicredit, has selected IBM to supply the Blockchain framework and cloud services to connect counterparties. Trade finance is known to be a lengthy, paper-based process, which can leave companies waiting weeks for trades to settle. The Blockchain platform is designed to simplify and increase transparency around domestic and cross-border trade finance for SMEs in Europe.

BRITISH BANK TSB is switching its debit portfolio to Mastercard from 2018. This will make TSB the largest issuer of Mastercard-branded debit cards in the country as its customers represent 4.5 percent of all UK current account holders. In a media statement the card giant said that the seven-year deal represented “a significant investment by both parties.” It underlines Mastercard’s commitment to increasing its minority share of the UK debit market, which stood at less than four percent, according to latest figures in PCM’s Payment Card Yearbook 2016/17.

TECHNOLOGY COMPANIES Misys and D+H have joined forces and to trade under the new name of Finastra. Former Misys CEO, Nadeem Syed, will continue as CEO of Finastra. He leads a global financial software provider with revenues of around $2.1 billion, 10,000 employees, 9,000 customers and offices in 42 countries worldwide. Finastra will be headquartered in London and maintain a North American headquarters in Toronto.

MICROSOFT HAS unveiled a new keyboard with hidden biometric fingerprint sensor. At the touch of a button, users can scan a fingerprint to log into a Windows 10 account or others that use Windows Hello. The button is inconspicuous and appears as any other key. The keyboard can be used in a wired or wireless interface and will soon be available for $129.99, according to the Microsoft website.

THE BANK of England is to take over the running of the UK’s high-value payment system as part of its plans for a new national real-time gross settlement system (RTGS). CHAPS Co currently operates the high-value system, although the core settlement infrastructure is provided by the Bank of England via the RTGS. “The reforms outlined will keep the UK at the leading edge globally by increasing resilience, broadening access and expanding functionality,” said Andrew Hauser, executive director, Bank of England. The majority of the RTGS enhancements will be live by the end of 2020.

card notes


THE DEATH OF THE PASSWORD?

With so many passwords, people choose memorable ones, reuse them across sites and write them down. It is no better in the workplace. More than half of workers reuse a small rotation of weak passwords and 42 percent admit to sharing passwords with co-workers, Dashlane found. The death of the password has been consistently mooted for at least a decade. However, its demise is being hastened by ineffective password security, changes in technology, plus regulatory, commercial and competitive pressures. The rise in data breaches and identity theft is prompting a password re-think. The average total cost paid by breached organisations is around $6.5 million, according to Dashlane. Meanwhile identity fraud has reached record levels. 173,000 cases of identity theft were recorded in the UK alone in 2016. Identity fraud now represents over half of all fraud recorded by Cifas, the UK fraud prevention service, nearly 90 percent of which is perpetrated online. Against this backdrop, Visa recently announced that it was eliminating the use of static passwords for its online authentication service, Verified by Visa, from April 2018. Elsewhere the PSD2 in Europe requires strong customer authentication for all electronic payments. Exemptions aside, financial institutions must perform two-factor authentication for face-to-face and remote transactions.

CONSUMER ATTITUDES

What is consumers’ attitude towards and understanding of various authentication methods? Research firm Aite Group surveyed 1,095 US consumers who used online and/or mobile banking to find out. Consumers across the generations are quite comfortable using passwords to access their online bank account. This can be partly attributed to habit. The username/password combination has been around for nearly two decades, and consumers well-trained in its use. Unsurprisingly, ease of use was the most

important consideration for all age groups when asked about their key priorities for their online banking service. Robust security and fraud prevention was also deemed very important by the majority of respondents. Those born before 1946 gave this equal weight with ease of use, with more than three-quarters saying both were very important. Consumers are broadly willing to switch to alternative identification and verification methods. The Aite Group found a clear correlation between consumers’ openness to change and their age. 48 percent of millennials indicated that they were very willing to switch methods, with another 47 percent somewhat willing to change. In contrast, only around 15 percent of those born before 1946 were very willing to learn new methods.

CHAIN REACTION

Changes in technology are challenging password dominance. Advancements in smartphone cameras and fingerprint sensors enable the capture and verification of biometric details. This makes new authentication methods, such as fingerprints, finger vein, facial, voice or iris recognition, eye print and heartbeat, possible. The smartphone itself can also become a type of trusted token through the analysis of various device-related factors. These include build information, media details, usage, application and location data. Any sudden changes in categories of data could indicate possible account takeovers or impersonation of the true user.

Blockchain or distributed ledger technology offers an alternative way to organise identity systems, access and ownership of data. “Solutions you put in place are not the property of one single owner,” explains Simon Wilkinson, operations director, Tradle, a company putting KYC data on the Blockchain. “The way we have implemented our solution, it won’t be our property or data. It belongs to the owner and is shared with organisations that they interact with.” This puts the individual in control of their own data and makes it portable between organisations and across borders. This streamlines on-boarding by removing repetitive KYC processes and reliance on paper-based identity documents. It de-risks transactions and saves considerable time, cost and effort for both institutions and customers. This is key as the administrative overheads associated with AML compliance alone last year was around $10 billion, according to Goldman Sachs. Biometrics, trusted devices and Big Data authentication techniques will influence the decline of passwords. However, they are likely to live on as a secondary or fallback authentication factor. In the same way, plastic cards continue to be embossed and contain a magnetic stripe many years after the introduction of EMV chip. This is to maintain interoperability in the face of legacy systems, processes and equipment. The history of the payments industry is additive rather than subtractive, so when it comes to the death of the password, it could well be a case of passwords are dead. Long live passwords!

GLOBAL

Passwords are no longer passing muster as a security or authentication method. The problem is quantity as much as quality. The average number of passwords registered to a single e-mail address is 130, according to password management company Dashlane.

CONSUMERS’ OPENNESS TO ALTERNATIVE IDENTIFICATION METHODS

Source: Moving beyond the password: consumers’ views on authentication, Aite Group, March 2017

Millennials 48% 47% 4%

Baby boomers 29% 53%

Seniors 16% 48% 25%11%

Generation X 40% 42% 9% 10%

9% 9%

Very willing

Somewhat willing

Not at all willing

Don't know


EUROPE CLIMBS IN PAYMENTS INNOVATION RANKINGS

www.paymentscm.com 9

GLOBAL card notes

As one of the most mature regions for electronic payments with many legacy systems, Europe has never been seen by previous Payments Innovation Juries as particularly innovative. Indeed the region has been bottom of the innovation league table since the report’s inception in 2008. However, the 2017 Jury sees some grounds for optimism. “There is a feeling that the PSD2 will allow people to think differently and do new things. This comes together with payment innovation hubs in Berlin and London. Those two factors have lifted Europe off the bottom of the table,” said John Chaplin, chairman, Global Payments Innovation Jury. However, the PSD2 has not happened yet, so the Jurors are taking a forward view and thinking that if it delivers, Europe will be more innovative. It would be hard for Europe to overtake Asia in the innovation stakes, Chaplin concedes.

ASIA THRIVES

With 64 percent of the vote, Asia remains the clear leader in payments innovation. The opportunities in the region are huge due to a young, growing population and the willingness to accept new technologies. There is also the sheer size of the un- and under-banked population in economies where the reach of traditional banks is limited. Asia has less regulation on price, meaning the profit motive can run stronger. There are also a lot of underbanked Asians and thus

a huge potential for growth. “If you launch something in Europe, you are having to replace an existing payment type with a new type. Whereas in Asia and Africa, you can build a successful company by bringing new people into the financial system,” said Chaplin. Unsurprisingly when asked where they would prefer to establish their next payments venture, almost half the Jurors (47 percent) said Asia. Similarly, ratings and comments from the Jurors suggest that much of the payment innovation effort in FinTech hubs in Europe and North America is being directed to markets in Asia and Africa.

B2B VERSUS B2C

The 2017 Jury also explored which payment sector — B2B or B2C — offered the most profit potential for new business ventures. Taken as a global average, the Jurors seemed fairly evenly split, coming out narrowly in favour of B2B payments over B2C (55 percent versus 45 percent). However seen regionally, the figures tell a different story. “In the developed markets, particularly Europe, 75 percent think [the opportunities lie in] B2B. If we go to China or Africa, the figure is around 65 percent in favour of B2C,” Chaplin explained. “In Europe and the developed markets, it’s very clear that the smart people are investing in B2B for a couple of reasons. Firstly, it is almost impossible to make a margin on the B2C side, when regulators force the price down. Secondly, it is getting quite difficult to build scale,” he said.

Consumer businesses need scale. The costs of customer acquisition are often high, so it is expensive to build the size of customer base needed. Yet with B2B propositions, such a high level of scale is not required. Business customers are more used to being charged for services; revenue per customer is generally much higher than for B2C. As a result of a comparative lack of innovation in the B2B space, it is also easier to begin solving real B2B problems — and with less intense competition.

THE HYPE AND THE HAPPENING

FinTech is hot and has been for some while. Payments start-ups, in particular, are receiving more investment than ever before. While some will succeed, the vast majority will not. Payments is an industry that seems to be constantly working its way through a technology hype cycle. “The fact that an innovation is over-hyped doesn’t mean that it doesn’t deliver benefits for the industry, rather that the claims made are exaggerated. And hype tends to lead to misallocation of investment resources,” explained Chaplin. In 2013, the Jury selected mobile wallets and NFC for the hype award. The industry is still waiting for mobile wallets to achieve widespread uptake. Similarly contactless cards, despite strong usage in Australia and Europe, are by no means a global success. In 2015, the Jury decided that Apple Pay was over-hyped for similar reasons. In 2017, the Jury gave the hype award to distributed ledger technology. They believed that the technology could deliver real benefits for financial services businesses. However, they also considered many of the claims made about its applicability to retail payments to be exaggerated. The Global Payments Innovation Jury is a panel of 70 CEOs and senior industry executives from 37 countries across six continents.

While Asia remains home to most payments innovation, Europe has leapfrogged Africa, North America and Latin America into second place, findings from the Global Payments Innovation Jury Report 2017 reveal.

WHICH REGION WILL INNOVATE MOST IN PAYMENTS IN THE NEXT TWO YEARS?

Source: Global Payments Innovation Jury Report 2017

ASIA 64%

AFRICA 12%

EUROPE 14%

NORTH AMERICA 8%

LATIN AMERICA 2%

by Joyrene Thomas

Humans love to gamble. The first pair of dice was discovered in an ancient Egyptian tomb dating from around 3,000 BC. The ancient Chinese used tiles in games of chance. Indians circa 1,500 BC loved betting on chariot races. Gambling — as well as attempts to prohibit it — have been part of human history from even before the first casinos in 17th century Italy and the invention of the one-armed bandit in the 1890s. But is an industry founded on managing its risks actually high risk to acquire?

THE LUCK OF THE DRAW

Gambling is playing games of chance to win money. Yet the definition is as short as the scope of the activity is broad. Gambling encompasses everything from buying a raffle or lottery ticket, entering a sweepstake to playing bingo. It includes betting on horse races or other sporting events, visiting casinos, and playing fruit machines, arcade games or other gaming machines. The gambling industry generated around $365 billion worth of profits in 2016, according to H2 Gambling Capital (H2G), a specialist research firm. Online gambling is the fastest-growing sector, accounting for 11 percent of profits. One of the most lucrative markets for gambling is Australia, which began to deregulate the industry in the 1980s. Betting losses per resident adult in Australia amounted to $990 last year. That is 40 percent higher than Singapore, the runner-up, and around double the average in other western countries, such as Ireland and Finland, H2G figures say.

In gambling, the numbers can get very big very quickly. A large, well-established online gambling merchant can process $90-120 million per month on average on cards, according to one industry observer. If the merchant also runs physical betting outlets, accepts alternative payments and is multi-acquired, this can be significantly higher. This dwarfs a typical large e-commerce merchant with average monthly card takings of $5 million. Gambling profits and volumes are high. But what about the risks?

ANTE UP

The main risks within the gambling sector are money-laundering, fraud and regulation. Gambling products could be used for money transfer between people colluding with one another and/or with the house. Regulatory requirements vary between jurisdictions, but know your customer (KYC) checks routinely conducted on players at registration and for pay-outs over certain amounts aim to prevent money-laundering. Some gambling authorities also restrict pay-outs to the payment method used to charge the account. Others require operators to prevent players choosing their tables in online poker or similar games. The gambling sector experiences fraud risks, as any other. Fraudsters may monetise legitimate identities by creating and using online gambling accounts fraudulently. A legitimate customer may also charge gambling transactions back, claiming they did not make them. This type of

ROLLING THE DICE

Acquiring gambling merchants is high risk. Or at least this always used to be the case. But in a regulated industry quick to adopt new technology, where the house always wins, how high risk is acquiring gambling merchants nowadays?


11

cover story

‘friendly fraud’ on payment cards takes on a particular cast with VIP players, depositing 30-40 gambling transactions a month over several months. Repudiated transactions in these cases could amount to hundreds of chargebacks, triggering card scheme chargeback thresholds. Merchants may be able to defend such chargebacks by providing compelling evidence of cardholder participation. Yet it still counts in their fraud and chargeback ratios, leaving them open to potential acquirer fines or withdrawal of their payment facility in a worst case scenario. It is unlikely that one VIP customer could so adversely impact a large operator. However, smaller to mid-sized operators are more vulnerable. Regulatory risks arise if a merchant does not have the appropriate gambling licence or adhere to the terms of their licence. Licensing regimes vary according to jurisdiction, and while not the same, there are similarities. “You have all the basic principles: to verify the associated games on the platform, to vet the associated directors and beneficial owners [of the operator], to run KYC, to impose customer due diligence at the time of pay-out to ensure that no money-laundering happens,” explains Christian Chmiel, CEO, Web Shield, a risk management company. Gambling merchants and those who acquire them have to keep abreast of regulatory changes. It is a dynamic space as the growing importance of online and mobile channels has led many countries to re-evaluate gambling legislation. The cross-border nature of remote transactions complicates matters and heightens risk. Moreover, card scheme rules require transactions to be legal in both the country of the cardholder and merchant to be entered into interchange. For example, remote gambling has been regulated at the point of consumption in the

UK since November 2014. As such, gambling websites trading with, or advertising to, consumers in the UK must be licensed by the UK Gambling Commission. Any operator offering remote gambling services to UK consumers without a UK Gambling Commission licence is acting illegally.

TABLE STAKES

So much for the main gambling sector risks. But whose risks are they? Who owns and is responsible for managing them? “The majority of the risk is with the gaming operator,” says Dave Excell, chief technology officer and co-founder of Featurespace, an adaptive behavioural analytics company spun out of Cambridge University. “There’s the financial loss associated with fraud. There’s the operational cost of making sure that these things are managed correctly. There’s also the reputational risk if an operator is associated with lots of bad transactions. That has a negative connotation to customers, but also within the industry,” he says. In some senses, gambling is inherently risky, Excell maintains. A gambling operator is very good at managing those risks to make a profit for themselves. That is what the organisation is built around — risk management — and understanding the different types of risks that can exist. This ranges from understanding how card games work, setting odds and preventing people from gaming the system. “The gambling industry is usually at the forefront of using new technologies to mitigate risks and understand payments. They are always trialling new and emerging technologies and using that as a competitive advantage,” says Excell. How exactly? “Within a gambling organisation, there is a tremendous amount of data to understand what the customer is doing. We work with the gambling operator to manage the lifecycle of the customer,” says Excell. This covers customer acquisition, registration, funds deposit and gambling behaviour. Factors such as how much the customer wagers, how quickly and the types of bets placed, help to build a picture of the player. There are also factors explicitly around payment, such as the different sources used to fund the account, frequency of top-ups and payment data cross-checked against IP and device details. This provides information about

the legitimacy of the customer. It also guides insights into whether they are a recreational player, or someone who may become a problem gambler or a future fraud liability. Being cognisant of and able to manage money-laundering, fraud and regulatory risks — their own risks — is table stakes for any gambling operator. Competitive advantage comes from how they manage these risks and differentiate themselves not only to customers, but also in the back-office with their use of people, processes and technology.

SEE YOU AND RAISE YOU

Acquirers need to understand the gambling operators’ risks and how they are managing them to evaluate their own risk exposure. Naturally, acquirers also face risks of their own. The main ones are variants of those faced by their merchants, particularly around the complexities of anti-money laundering and regulatory requirements. How gambling is marketed is also important for the assessment and management of acceptance risks. If a merchant’s sales and marketing practices violate applicable laws, transactions for legal services may become illegal. As gambling is commonly cross-sold via adult entertainment affiliates, acquirers face the second-order consequences of heightened affiliate fraud risk. Acquirers face operational risks. Correspondent banks are de-risking settlement of US dollar funds to gambling merchants, even if the transactions were not performed by US citizens. For example, if a French citizen places a US dollar bet on a website operating entirely legally, acquirers may have difficulty settling the transaction onward to their merchant in US dollar, industry insiders confirm. Acquirers are also more open to negative balances with gambling merchants. They may owe issuers more than the issuers owe them, either due to refunds, chargebacks or original credits used for payment of winnings. If the gambling merchant is multi-acquired and switches transactions between acquirers, the exposure to negative balances increases, particularly if acquirers become liable for more pay-outs than they have accepted in wagers. Naturally, acquirers can recoup any shortfall from their merchants, but they would be exposed for a certain period and

11

“The gambling industry is usually at the forefront of using new technologies to mitigate risks and understand payments.” Dave Excell, Featurespace

www.paymentscm.com payments cards & mobile | July / August 2017

12 www.paymentscm.com12 payments cards & mobile | July / August 2017

their liquidity affected. Acquirers should implement mechanisms to limit outgoing flows to the merchant. This helps prevent negative balances without approval and automates top-ups from the merchant, whether in the form of additional collateral and/or rolling reserves. These and other general acquirer risks notwithstanding, gambling merchants are not considered high risk by many acquirers. Indeed many acquirers target gambling business to help balance fraud and chargeback ratios within their portfolios. Gambling is a high-volume sector with play happening within a limited timeframe, so traditional credit risks and chargebacks arising from non-receipt of goods or services are negligible. Chargeback rates for gambling merchants are similar to those of large retailers. They are certainly much less than for adult and nutraceutical merchants and those using membership-based marketing models. Moreover, the larger the gambling operator, generally the lower the fraud and chargeback rate. Such operators tend to have more resources and invest more in technical systems to better manage their risks.

CARDS ON THE TABLE

Is acquiring gambling merchants actually high risk? “Yes, it is high risk if you don’t understand the business, how the traffic is generated, how the games work, and solely rely on the licence provided by the merchant,” says Chmiel. Gambling merchants require a certain type of management. If acquirers are able to do that, it is more business-as-usual than high risk. Acquirers are potentially more exposed to risk if they underwrite merchants, whose businesses they do not fully understand.

After all, unaddressed risks are more dangerous than known risks mitigated with the appropriate controls. What is the position of the card schemes with regard to gambling merchants? Both Mastercard and Visa categorise gambling merchants as high brand-risk, if not high risk, largely because it is to them. They have programmes in place, including registration requirements for acquirers active in the gambling sector. This is to protect their own brands and systems from financial and reputational risks as much as it is to protect the acquirers from such risks. The reality of high-risk, or indeed any, acquiring is nuanced at the macro level, and the schemes are in a difficult position. They must manage their own risks, but also balance the interests, rights and responsibilities of clients participating in their system. It is challenging to create a common understanding around risk and how it is best managed across borders, cultures and risk appetites. For some acquirers, high-risk acquiring may be analogous to smoking cigarettes. There are those who enjoy smoking and have no intention of quitting. They know it may be bad for their long-term health and the health of others around via passive smoking, yet they wish to continue. Dealing with the small minority of organisations, which are aware of the rules, consciously flout them and prioritise evading detection over compliance is a difficult balancing act. PCM asked both major card schemes about the nature and ownership of gambling risks and how they engaged with acquiring clients to mitigate risk and protect the integrity of the payment system. A Mastercard spokesman advised engaging with the acquirers as they held the direct relationships with the gambling sector.

Both major card schemes fine clients who have been found to be non-compliant with scheme rules. As commercial organisations, they could be seen to benefiting from the behaviour of bad actors. Firstly from the volume and any associated click fees from purchases and pay-outs, and secondly from fines. How did the schemes counter claims around the perception of a conflict of interest when dealing with non-compliance among their clients? “Our operations comply with both national law and EU requirements and we enforce a strict set of rules that forbid the use of a Visa payment mechanism to buy an illegal product or services,” said Visa Europe in a written statement.

ALL BETS ARE OFF

We apply probability to almost every conscious decision we make. From taking an umbrella on assessment of the weather to choosing when to cross the road. The whole of the gambling industry is founded on judgements around the balance of probabilities or risks. It may happen or it may not. Either way, it matters because it will have an impact, whether positive or negative. Good, well-run gambling operators know and understand this — and take active steps to manage their own risks. So do good, well-run acquirers. Those serious about acquiring gambling merchants need to take it seriously. Continuously establishing the context, identifying, analysing, evaluating and treating risks are the fundaments of risk management. Acquiring gambling merchants is not something any acquirer can dabble with in the corner of their portfolio. It is not about rolling the dice.

cover story

www.paymentyearbooks.com

Stay one step ahead with deep industry information and a wealth of statistics from central banks, interbank companies and associations and individual banks.

10% Discount Order online using discount code BG2MFO7B9S6B

2016-17 EDITION

Payment Cards Statistical Yearbooks

In order to respond to the changing and new payment industry markets, the 2016-17 edition Yearbooks have been enhanced by adding:

• More issuer information – issued brands by issuer

• More acquirer information – acceptance brands by acquirer

• More on contactless cards and digital wallets

• More e-/m-commerce information, e-payments mix and statistics

• More on notable mobile payments initiatives

• More on basic fraud trends and statistics

• Mobile merchants and MPOS terminals

• Notable market trends – battlefields in the payment industry

European Payment Cards Yearbook and Eurasian Payment Cards Yearbook 2016–17 are available as a complete volumes or as individual country profiles.

To place an order, for further details, to view full synopsis or download a sample country report visit: www.paymentyearbooks.com



ALERTS

RISKMANAGEMENT


LIBRARY

TRADEBLOTTER

PEACE OF MIND


ATTESTATIONS

REGULATORS

COMPLIANCE

BUSINESSOPERATIONS

by Joyrene Thomas

The statistics are unanimous. The volume of regulation as well as its impact on firms and customers is growing. Around $80 billion is spent globally on governance, risk and compliance each year, and this is set to reach $120 billion in the next five years, according to FinTech research firm Let’s Talk Payments. Regulatory fines for non-compliance have exceeded $320 billion since 2008, according to Deloitte. Around 200 regulatory revisions are published daily across the world. Practitioners are expecting no let-up in the volume of regulatory change or the time required to track it. Nearly 70 percent of firms in a 2016 Thomson Reuters survey expect regulators to publish even more information in the coming year. A quarter expect significantly more. More than a third of firms spend at least a whole day every week tracking and analysing regulatory change. As to the personal impact, 60 percent of respondents expect more personal liability for compliance officers in the next year. The scope and frequency of regulation is

unavoidable. Everything from capital markets and trading systems to consumer finance is regulated. Moreover firms encounter regulation every time they on-board a new customer or complete a trade. Customers encounter it 200-plus times per year, every time they conduct a banking transaction or make a payment. Within European legislation, regulations differ from directives. Elsewhere policies differ from standards, from best practice, from consultations and recommendations. Moreover, requirements straddle geographies as well as lines of business. The plethora of sometimes conflicting requirements leave many wondering which way to turn. There is an industrywide need to drive down compliance costs and manage risk better. This is particularly for high-volume, real-time, duplicated costs, such as know your customer (KYC) and anti-money laundering requirements. There is also the opportunity to improve the customer experience and increase the confidence of both parties to transact. Regulation is ripe for disruption.

WHAT IS REGTECH?

The de facto definition of RegTech comes from the Financial Conduct Authority (FCA), the UK financial services regulator. It defines RegTech as a “sub-set of FinTech that focuses on technologies that may facilitate the delivery of regulatory requirements more efficiently and effectively than existing capabilities.” But is it really all about regulatory requirements? Come to that, is it all about efficiency and effectiveness? For Subas Roy, chairman of the International RegTech

regtech

14

“Trust is one of the most important factors for the future sustainability of our financial sector, because it is changing. Technology is driving those changes.”Subas Roy, International RegTech

Association

www.paymentscm.compayments cards & mobile | July / August 2017

There was a regulatory alert every 12 minutes in 2015, according to Thomson Reuters. With the pace of regulatory change showing no signs of let-up and compliance budgets ballooning, regulation is ripe for disruption. Enter a new breed of RegTech disruptors threatening to do for regulation what FinTech is doing for financial services.

REGULATION, REGULATIONEVERYWHERE

15

Association (IRTA), it is a matter of not only but also. RegTech is about helping to reduce the cost and improve the effectiveness of regulatory compliance. However, it is also about innovation and achieving consumer trust. The current IRTA RegTech definition reflects this. “RegTech signifies de-complexing and de-risking the risk and regulatory environment to adapt to a new, alternative and more open way of demonstrating residual regulatory compliance […] helping to reduce cost and complexities, improve effectiveness of financial services and most importantly achieve the trust of consumers.” If trust is one of the most important factors for the future sustainability of any sector, then by implication, RegTech goes beyond financial services. It is also applicable to other regulated industries, such as pharmaceuticals, healthcare, energy and so on. “As an international association, we are already seeing members from these industries coming to us and saying, what about RegTech in our particular industry?” explains Roy. Then there is the matter of intent. Both of regulation and consequently RegTech. The intent of regulation is to protect consumers, businesses, economies and so on. The regulator’s rulebook invariably becomes as long as financial services is broad. Universal banks and payment service providers must understand and comply with a sizeable part of the rule book; FinTech and niche firms potentially less. Which parts though and how? These are the million-dollar questions and the opportunity for RegTech disruptors. “If you zoom out and understand the intent of the regulator. What is it that they are trying to achieve? That’s a good place to start,” says Ed Carrell, managing director, group innovation, Barclays Bank. Naturally, this does not obviate the need for firms to understand the absolute requirements on them. “If you deliver the intent and the requirements, then you are making something complex simple. That will always be a valuable service that people will enjoy and pay for,” he says. “I see RegTech slightly wider than the FCA definition: how can technology help deliver the intent, purpose and requirements of regulation to make financial services better, cheaper, faster and safer for consumers and businesses,” says Carrell.

THE TECH IN REGTECH

There is good RegTech and bad RegTech. As well as Reg-wash, the bandwagon-jumping promotion of particular solutions that claim to meet regulatory requirements. So, what does good RegTech look like? Unsurprisingly for a movement that is the younger brother of FinTech, good RegTech is concerned with the use and impact of technology. “It needs to be nimble and leading-edge,” says Roy. “Because where we are headed, technology is driving change in behaviour, culture and ways of working.” Good RegTech incorporates adaptability and flexibility, so the solution can be applied cross-border and into the future. Many RegTech solutions tend to be cloud-based, where data is maintained and backed up remotely. This gives firms the flexibility and scalability to easily add or remove services. Or access more compute power and storage as required, often on a cost-effective, pay-as-you-go basis. The ability to respond quickly, sometimes in real-time, is also important. As is being able to integrate the technology quickly. Drawing insights from data with analysis and visualisation tools is another critical characteristic. Therefore when considering the Tech in RegTech, the usual technology suspects feature. They include artificial intelligence, machine learning, Big Data, data visualisation and distributed ledger technology. Good RegTech also needs to supply fit-for-purpose technology for FinTech times. That is to say, it is not only about the choice of technology, but also the end to which it is put. “FinTech is such a broad statement in terms of change within the industry. It’s more of a movement than a collection of companies. A statement of intent to deliver things in a certain way,” says David Brear, CEO and co-founder of digital banking consultancy 11:FS. That way is generally to use technology to make financial services more efficient. This means developing products and services that are more user-friendly, cost less to deliver and are optimised for digital channels. RegTech needs to meet FinTech challenges head-on by using technology to deliver regulatory compliance quicker, more cheaply and accurately. An oft-cited example is operational costs. Whereas it costs a traditional large bank £160-180 to run a current account, new players can do this for around

five percent of that cost. This is largely through the use of technology to streamline and digitise regulatory processes. “With the changes in demographics, millennials are looking for nimbler, faster services. Therefore this is a clear indication where financial services is going to grow and how technology is driving those changes,” says Roy.

THE ROLE OF THE REGULATOR

So much for the Tech in RegTech. What about the Reg? Regulators have an interesting dual role in the RegTech movement. Firstly, as consumers of RegTech to improve the financial sector and their own ability to monitor participants. Secondly, as catalysts for the ecosystem around regulation. “I think regulators are the single most important player in RegTech,” says Roy. He highlights the need for the regulator to “establish a more joined-up and coordinated approach for innovation and the adoption of RegTech. That can only happen when we have a very supportive, linked-up, flexible regulatory environment.” There is always some degree of competition among regulators to create an attractive jurisdiction for business. If regulators attract innovative firms and ideas, it boosts their reputation for innovation and pragmatism. This in turn creates a virtuous circle across the ecosystem. Firms establish themselves in the jurisdiction. Venture capital is available. Incumbents and other regulators internationally take notice and so on. The UK FCA has been re-thinking how it engages with firms and regulates. It has been running a regulatory sandbox since last year. This supervised space allows businesses to test innovation in the real market, with real customers with FCA oversight. 77 submissions to the second cohort of the sandbox were

“How can technology help deliver the intent, purpose and requirements of regulation to make financial services better, cheaper, faster and safer for customers and businesses?”Ed Carrell, Barclays Bank

payments cards & mobile | July / August 2017 www.paymentscm.com

regtech

payments cards & mobile | March / April 2017 www.paymentscm.com16

regtech

received, more than applied for cohort one. 24 firms were accepted, covering a wide range of geographies and sectors, including general insurance, payments, retail banking and retail lending. The FCA also uses its convening power to bring market participants together in two-day TechSprints. Subjects covered so far have been financial inclusion/access, mental health and financial services, and unlocking regulatory reporting. Ideas from the latter event included converting the FCA Handbook to machine-readable text. This could help identify which parts applied to particular firms, and enable automated advice or personalised filtering. Additionally, firms ‘push’ information to the regulator by completing and submitting forms. This could move to more of a ‘pull’ model, where the regulator pulls data from firms as required. Regulators may engage with RegTech in various ways. Smaller markets with fewer regulatory bodies, incumbents and solutions may benefit from close engagement with RegTech firms via an accelerator-type model. They task firms with specific challenges, such as digital identity, financial inclusion, fraud and monitoring, and share results with those they regulate. “Other models are the FCA or MAS [Monetary Authority of Singapore] model, or to some extent the model adopted by Australia, which are about creating a collaborative ecosystem,” explains Roy. “They bring together the RegTech firms, academics, the regulator themselves, but most importantly the financial institutions.”

ISSUES AND BARRIERS

Technology looking for a solution. This is something that the financial services industry often experiences. To avoid expensive mis-steps, firms must ask themselves whether the RegTech solution solves a real problem. Or merely displaces, disperses or defers it. For Carrell at Barclays Bank, it comes back to intent. The challenge is understanding what the regulator is trying to address. “Make sure that you satisfy the actual regulatory need, don’t navigate around it, and then ease and clarity will always win,” he says. If you cannot measure it, you cannot mange it, or so the old management adage goes. Yet

sometimes this is precisely the problem. The zeal for measurable success metrics leads to a skewed focus. It may also create unintended consequences, if something that can be measured is used as a proxy for something that cannot. Implementing innovation in a legacy environment is one of the biggest challenges for RegTech. Legacy technology is difficult to dislodge and expensive to transform. Re-architecting back-end financial services infrastructure is a potentially huge undertaking from the point-of-view of processes and interoperability. Moreover, much of the back-end plumbing is not technological but legal. It includes the costs of searching, executing and exchanging legal documents, many of which are not yet digitised. This represents a huge cost to the B2B ecosystem. Advances in this area of RegTech, or LawTech, as well as the potential cost savings may dwarf the front-end advancements visible to consumers. Other barriers to RegTech success include the perennial problem of scale and the two-sided market. A critical mass of RegTech solutions and those looking to implement them is needed. It is the familiar problem of chicken and egg. The regulator can play a key role in helping to accelerate adoption on both sides in a number of ways. Firstly, by driving industry standards. Secondly, by improving collaboration between RegTech innovators, firms, themselves and overseas counterparts, among others. Thirdly, by certifying RegTech solutions which met certain criteria. Taken together, this may help to remove the uncertainty around particular regulations and the stance of the regulator. It may increase the credibility of unproven RegTech solutions. And encourage interest from firms, who do not wish to risk being early adopters. That said, the regulator must strike a balance. There are some firms who will choose to invest in and maintain their legacy systems and not

adopt new RegTech solutions. This remains a matter for their leadership, not necessarily the regulator.

REGTECH IN THE LIMELIGHT

RegTech gives impetus to examine both regulation and technology afresh. Perhaps it can help recalibrate the understanding and reputation of regulation after the financial crisis. After all, ensuring financial stability, fair competition and consumer protection are

eminently sensible principles. The collective cost

of regulatory compliance globally equates to the GDP

of a small country. Yet implemented correctly, RegTech can manage compliance and the customer experience. The

latter outcome is as much of a benefit to firms and

customers as the former. The size of the RegTech prize is

potentially huge. The benefits are also huge in that RegTech drives industrywide cost savings, whereas FinTech helps individual firms cut cost. “I think that a number of people in the RegTech space are being successful, because there is a need. There is a market. There is money. The recognition of that makes for good business,” comments Carrell. Firms may view regulation as a double-edged sword, namely as an opportunity as well as a threat. But RegTech? When one of the major threats is the opportunity cost of not participating, the opportunities surely outweigh the threats. And with enough opportunities to go around, regulation, regulation everywhere could well mean opportunity, opportunity everywhere.

“If you zoom out and understand the intent of the regulator. What is it that they are trying to achieve? That’s a good place to start.” Ed Carrell, Barclays Bank


ALERTS

RISKMANAGEMENT


LIBRARY

TRADEBLOTTER

PEACE OF MIND


ATTESTATIONS

REGULATORS

COMPLIANCE

BUSINESSOPERATIONS

Piecing together the payments puzzle

4-5 October 2017

// ExCeL London

Now in it's fifth year, PayExpo Europe is the leading payments event in the UK, attracting 2,200+ senior stakeholders from across the entire European payments community to network, learn about the ever changing payments landscape and make essential business contacts for the year ahead. With consumers’ spending habits and expectations changing faster than ever, the organisations that stay at the forefront of industry developments have a clear advantage. PayExpo Europe is the best place to share knowledge and rub shoulders with the disruptors and innovators driving change in the payments industry.

To discuss sponsorship opportunities contact Neil Da Costa on +44 (0) 20 7384 8059

or email [email protected]

FREE PASSES for retailers, MNOs, retail banks, government, gaming operators, startups, investors and CEOs

Solution providers canuse code PCM20 for a 20% discount

@PayExpo

www.payexpo.com/europe

Find out more and register at

2,200+

130+

80+

ATTENDEES

SPEAKERS

EXHIBITORS

€

by Joyrene Thomas

We live in digital times. The banking and financial services industry talks regularly about digital transformation. In truth, the transformation has already happened and there is no going back. Every organisation is a digital business by default, if not by design. Being digital means being interconnected: individuals with businesses, businesses with suppliers, governments with businesses and individuals and so on. This is both an opportunity and a threat. Being interconnected allows organisations to derive additional value from digital. Yet it also broadens the attack surface via social media, digitally-integrated vendors or the ever-growing number of internet of things (IoT) endpoints.

The cyber threat intelligence industry has grown in recent years. But for too long has suffered from being big on threats and small on intelligence and insight. There are signs that the market is maturing. Vendors as well as banks and financial institutions are improving with regard to their use of threat intelligence. They are also working together and benefiting from open standards in this area.

CYBERCRIME PAYS

Cybercrime is a form of organised crime, which is exactly that — organised. Syndicates are set up according to the division of labour principle adopted by many large companies. There are marketing, finance and IT departments,

each of which contributes to the performance and overall success of the organisation. Cybercriminals have also borrowed sales and marketing practices from the legitimate economy. They operate star ratings systems and bug bounties, and offer crimeware with 24-hour customer helplines and money-back guarantees. There are hackers who work office hours with weekends and bank holidays off. Plus a burgeoning freelance or crime-as-a-service market, where customers can hire hackers, or buy or rent the latest tools. These include exploit kits to infect victims with malware, steal credentials or hold an organisation’s files to ransom. Money is flowing from other criminal

INSIDE THE MIND OF THE HACKER

cybercrime

18

Criminals follow the money. In today’s increasingly interconnected world they conduct digital hold-ups and cause major disruption by targeting critical infrastructure. So, how do those in the financial services industry get inside the mind of the hacker? How do they separate the signal from the noise to gain effective threat intelligence insights?


19

activities towards cybercrime, precisely because the business model stacks up. “Cyber criminals are very practical. If something doesn’t generate an income, they’ll walk away from it and start using something that does,” said Rik Ferguson, special advisor, Europol EC3 speaking at Info Security Europe. Ransomware grabbed headlines last year and became the favourite attack methodology used against businesses, particularly in North America and Europe. Ransomware locks computers or encrypts files and demands money from victims to regain access to their devices or data. Distribution of ransomware between January and November 2016 increased more than 265 percent, says cyber security firm Malwarebytes. The scourge of ransomware continues in 2017. Just weeks after the WannaCry ransomware virus caused chaos across the globe in May, some of the world’s largest companies were hit by Petya, a second huge cyber attack. This hit the Ukrainian central bank and other government departments, and brought Kiev airport and the metro network to a standstill, before quickly spreading to at least 60 other countries. Botnets, a robot network of compromised computers, are growing in strength by targeting internet of things (IoT) devices. This means ever-more powerful distributed denial of service (DDoS) attacks, which overwhelm specific IP addresses or web services with fake traffic to knock them offline. For example, in addition to corporate targets, the Austrian parliament and more than a hundred government servers in Luxembourg have been affected by DDoS attacks this year. However, banks and financial services companies remain the most attractive DDoS targets. Attacks are capable of causing such serious material and reputational damage that many organisations choose to pay ransom demands to prevent them.

DATA INTO INSIGHT

Unsurprisingly, the threat intelligence industry has ballooned in recent years in response to the number and nature of cyber threats. The growth can also be attributed to the emergence of new technology vendors, changing legislation and government incentives designed to help organisations strengthen their cyber resilience. Many companies provide threat data, such as black lists, white lists, IP addresses, e-mail senders, DNS servers, as opposed to threat intelligence. So, how do banks and financial services companies separate the signal from the noise to gain effective threat intelligence insights? “We see threat intelligence as being divided into three sub-segments,” says Elad Ben Meir, vice president, marketing at Israeli cyber security firm Cyberint. “The first one is intelligence feeds — any indicators that are collected by security vendors and distributed. The second is what we refer to as ‘strategic intelligence’ — reports delivered on a monthly or weekly basis about trends or general threats per industry. The third is taking the strategic position of threat intelligence and making it targeted to customers,” he explains. Distilling what starts out as threat data into useful intelligence is key. “To be effective, cyber intelligence must be contextualised. One of the most challenging hurdles that financial institutions face is that they receive intelligence that is not in context to their activities, business needs or processes,” says Itay Yanovski, co-founder and senior vice president, strategy, Cyberint. “It may be important knowledge, but it is not actually something that is actionable.” Turning data into insights may well begin by separating the intelligence types. Data feeds can be incorporated into an organisation’s current controls, usually via a general collection method or a SIEM (security information and event management), which attributes general indicators to the data. Strategic threat intelligence can be used at board level by directors considering the financial and reputational impact of cyber threats, plus the potential opportunities. Contextualised intelligence can be used operationally to augment current controls and understanding, particularly in the area of simulations or scenario planning. “Once you understand who is targeting you, what they

are targeting you with and their attack plan, you can simulate the same type of scenario,” explains Ben Meir. This allows companies to understand where the weaknesses with their defence controls lie, and act to correct them.

EFFECTIVE INTELLIGENCE

There are other ways to use threat intelligence to get inside the mind of the hacker. “Threat intelligence can be used partly at the detection phase, partly at the understanding and diagnosis phase and partly in response,” says Piers Wilson, head of product management at Huntsman, a cyber security firm providing defence-grade security. If a bank knows that a certain range of IP addresses, domain names or indicators is significant – as it represents a particular type of attacker or piece of malware – it can watch for this and then prevent or detect it straight away, Wilson explains. “Threat intelligence indicators of compromise can be used to verify and diagnose the nature of a particular intrusion. It may also be used in attribution to find out where a threat or attack originated from,” says Wilson. He also emphasises the importance of understanding the threat context. Internal lists of senior executives, users that have administrator privileges or are involved in a particular project may not count as threat intelligence. Overlaid with external data, however, this information can help organisations understand the risk, the threat or attack when it occurs, and shape the response. In this regard, banks have a head-start over other sectors in working with threat intelligence data. “Banks are quite used to dealing with fraud-type risks, for example blacklists of credit card numbers or accounts under suspicion. When you start to apply fraud-like thinking to security threat data, it’s easier to translate into intelligence,” Wilson contends. Secondly, banks have historically been good at working together to share information. “Although they compete quite fiercely, there has been a co-operative view in banking that fraud, against one or against all, is always going to be a challenge.” As such, Wilson has seen banks exchanging information on what he describes as a “semi-formal” basis. This is mostly at the operational level, for example around attack vectors or domain names and IP addresses that have been involved in botnets or phishing campaigns.


“The only way to understand what the threats are and what is looming is threat intelligence. Threat intelligence is the key to proactive security.”Itay Yanovski, Cyberint

cybercrime

cybercrime

Sharing threat intelligence in a type of ‘community health’ approach is helpful. This can be done via vendors or government-run initiatives, which establish communities and facilitate information exchange. The adoption of open standards, such as STIX and TAXII, also helps in this regard. These formats for data structure or transmission are useful for passing information between organisations in a common format, with the meaning, notes and diagnosis appended. A prominent vendor with a proprietary threat intelligence feed converted this to being STIX and TAXII-compliant about a month ago, according to Wilson. The UK government threat intelligence feed conforms to a STIX format file. “There’s definitely a need to move towards a more structured and co-operative, standards-based way of working, which will benefit vendors and users alike in terms of exchanging information,” said Wilson.

THE GEO-POLITICAL DIMENSION

“Over recent months, we have seen the Democratic National Committee hack, which appears to have been the work of Russian state hackers to cause disruption and controversy around the US elections,” says John Bambenek, manager, security threat, Fidelis Cybersecurity. There has also been the potential information gathering of known Chinese hackers ahead of negotiations between President Trump and Xi Jinping; and the alleged DDoS attack associated with the Brexit ‘register to vote’ site, he continues. Attacks against enterprises are just the same. While some may be conducted to hold the organisation to ransom, others may be used to access confidential information. Sometimes it could simply be about causing a stir or a distraction. Who would have thought that the disclosure of British cyclist Bradley Wiggins’ medical records, or e-mails between SONY colleagues would have generated so much publicity? This merely shows that victims, hackers and the public place different value on information. Banks and financial institutions must consider this as well as the geo-political dimension to threats. They are caught in the cross-hairs of geo-political aggressors for two reasons. Firstly, they are critical infrastructure

targets for those wanting to disrupt trade and the economic health of a country. Secondly, they are financial targets for those wanting to rob the bank. Banks and financial institutions are also more likely to be targeted by state-sponsored attackers. So, how important is attribution after a cyber attack? The reasons that attribution is difficult in cyberspace are many and varied. The internet is an anonymous platform with no centralised legal authority. Digital identities are inherently weak, easy to fake and hard to attribute back to a real person. “Other methods of attribution, such as looking at the code or other elements within the code itself, are also being manipulated by actors, who want to distract the investigators. This is the key for cyber insecurity,” says Yanovski. Whilst difficult to do, attribution has “value in terms of understanding the attack, recovering funds and tracing the movement of funds and data around the world,” says Wilson. “Possibly less so in terms of prosecution because you very seldom get back to an entity, organisation or individual that you can point the finger at. The value of attribution is understanding whether there is a political motive and tracing the funds.” Attribution is also useful in helping to prevent an attack from happening again and as an indicator of what may happen next. “The more you can understand of how adversaries are going to work, what type of code they are using, what their attack methods are, clearly the more you can do to defend against it. Attribution certainly has value, maybe not in the courts, but value to the defenders,” says Wilson.

IN SUMMARY

The various sub-divisions of cyber threat intelligence — data feeds, strategic intelligence and contextual intelligence — help organisations to protect, detect, respond and recover from threats. Most importantly, however, threat intelligence helps organisations anticipate threats before they become incidents. “The only way to understand what the threats are and what is looming is threat intelligence,” says Yanovski

of Cyberint. “Threat intelligence is the key to proactive security.” Threat intelligence is most useful in context. Every day is different in cyber, so context in a temporal as well as a business sense is everything. Understanding threat intelligence in context of cyber posture is the best tactic. That is to say, understanding how an organisation’s

external-facing assets can be used as an attack vector into the organisation.

Taking an outside-in as well as an inside-out view of the organisation’s data, assets and digital footprint is akin to getting inside the mind of the

hacker and thinking from their point-of-view.

Moreover, what is important to an organisation may not be

what is important to the hacker. The value of protecting customer data is not just avoiding regulatory fines for data loss, but avoiding the business continuity risks, legal and contractural obligations, and reputational impacts of a cyber attack. Banks and financial institutions may have a head-start in understanding the fully-loaded costs of a cyber incident. They hold so much personal and financial data, and already have a mindset around the importance of protecting it, even before the General Data Protection Regulation (GDPR) comes into force next year. However, it is not just the confidentiality of data that is important, but the integrity and availability of it, too. Customer information should remain uncorrupted and accessible when needed. It is this availability of data that is often more important to customers in the short-term. Customers can quickly become upset if they cannot access their online banking or cash from an ATM. They worry if payments are not settled or they cannot pay bills. Probing inside the mind of the hacker reveals that it is a busy, well-organised, well-funded one. It is capable of doing patient research, taking calculated risks and changing quickly as circumstances require. However, those that understand the mind and ecosystem of their cyber adversaries are much better equipped to mitigate their threats. Or as Sun Tzu, the Chinese general and military strategist, said in his The Art of War, if you know the enemy and know yourself, you need not fear the result of a hundred battles.

20 www.paymentscm.compayments cards & mobile | July / August 2017

risk & compliance

22

The legal basis for privacy in Europe since the Second World War was enshrined in article 8 of the European Convention on Human Rights (1953). This guarantees the right to respect for private and family life, one’s home and correspondence. The GDPR builds on the principles that privacy and the protection of data are fundamental human rights. “My approach was to prioritise a culture change in the stewardship of data, such that it facilitated opportunities for data use and data sharing — so that it would not become an impediment to legitimate uses of data — but it would penalise misuse of data,” said Sarah Ludford speaking at a Westminster e-forum. Ludford was formerly a member of the European parliament and worked on drafts of the regulation. “We have had many high-profile cases of data loss, data breaches and fraud. This has a very damaging effect on consumer confidence. That is not in the interests of businesses or public bodies, who want to make the case for data,” she continued.

HIGHLIGHTS OF THE REGULATION

Privacy rights are strengthened by various pieces of European legislation as well as laws within individual member states. As a regulation, the GDPR applies across all EU member states, in theory at least. There will also be a one-stop-shop, a lead regulator that gives guidance in the case of pan-European businesses. The regulation consists of more than 200 pages of articles and recitals. However, the highlights include mandatory breach notification, greater enforcement penalties and enhanced rights for individuals. Organisations will have to report data breaches within 72 hours from when they became aware of them, under some circumstances. They face stronger non-compliance penalties, namely fines of up to €20 million or four percent of annual global turnover, whichever is the greater. This represents a substantial increase on the maximum fines, which data protection regulators can currently impose.

There will be greater emphasis on organisations to demonstrate their compliance with an audit trail to evidence what they did and why. Some organisations will also be required to appoint a data protection officer. There are also significant implications for service provider organisations. No longer will data processors simply be covered by a contract with a data controller. Data processors will also have obligations to comply with GDPR principles, and be liable for fines. Therefore, organisations should expect tougher contractural negotiations with suppliers and clients regarding data protection warranties and representations. Reviewing contracts before the May 2018 deadline will represent a significant activity for many organisations. As to the rights of individuals, they have the right to be forgotten, where an organisation must erase data pertaining to them. They have the right to portability of their data, to object to automated decisions and to give more specific consents about how their data is used. The definition of what constitutes personal data is also wider. It goes beyond personal data, such as name and address, to include identification through a combination of personalised data elements.

READINESS PLANS

With less than a year to go until the GDPR comes into force, awareness of the regulation is high. Yet nearly half of businesses do not think they are going to be ready in time, according to the UK Direct Marketing Association. A further quarter have yet to even start a GDPR plan. Yet the consequences of failing to prepare are considerable. “The highest risk item in the GDPR is the 72-hour breach notification requirement, and banks are not mitigating this,” said Tim Richards, principal consultant, Consult Hyperion. “Data breaches are an unfortunate fact of life for financial institutions, and our analysis suggests that there have been no fewer than 27 data breach incidents among European tier one banks in the last decade, with some banks as multiple offenders,” he said.

European financial institutions could face fines totalling €4.7 billion in the first three years of the GDPR coming into force, Consult Hyperion claims. This is a conservative estimate, assuming breaches are at the lower end of the scale. Importantly, the impact on reputation and share price could be more dramatic than regulator fines. Financial services companies are used to operationalising the implementation of policies and procedures. Service providers and start-ups less so. The latter may struggle with limited focus, budget and resource. Furthermore as banks and payment companies have over ten years’ exposure to protecting card payment data (PCI DSS), their C-suite may require little persuasion/education as to the merits of protecting data. Organisations must comply with the GDPR: it is the law and also helps to mitigate risk. At the same time, it enables organisations to take advantage of opportunities. Organisations are advised to assess the difference between the old and new requirements, plus the delta between them to fill any gaps. Organisations should embed good internal risk practices, e.g. conducting privacy impact assessments, re-negotiate contracts and implement privacy by design rather than as a bolt-on at the end. While it sounds obvious, organisations should prioritise the tasks that take the longest, such as technical changes. The GDPR has the potential to overturn old notions of data being a zero sum gain — that customers must lose out for organisations to benefit. There are opportunities for innovation, for empowering customers to get more out of their own data, re-thinking the customer experience, and creating new roles and business models. Opportunities and risks exist in the same post-GDPR future. Act now. The data clock is ticking.

GDPR: LESS THAN A YEAR TO GO AND COUNTINGWith the 25 May 2018 deadline for the European General Data Protection Regulation (GDPR) looming large, PCM considers the background, content and opportunities of the new regulation.


issuing & acquiring

23

IMPACT OF THE INTERCHANGE FEE REGULATION 18 MONTHS ON It is now almost 18 months since the introduction of the Interchange Fee Regulation (IFR). This covered a good deal more than the interchange fee caps and included substantial changes to the business rules for card acceptance and processing frameworks. So, has implementation been effective and more importantly have there been unintended consequences? asks Peter Jones, managing director, PSE Consulting in this article which first appeared in the EPC Newsletter.

CREDIT INTERCHANGE CAPS HURT ISSUERS

Credit card issuers have suffered most from the reduction to 0.3 percent with average European Union (EU) interchange falling by over 50 percent and potentially €2 billion annually sucked out of their revenues. This has forced issuers to cut back on consumer loyalty programmes and cash back offers. Several have introduced card fees. The UK, the largest EU credit card market, has been most impacted. Conversely, large merchants have received a very significant revenue transfer, adding to their profitability. Small and medium merchants (SMEs) have not been so lucky with many acquirers choosing not to pass on the full interchange reductions and reflecting increased scheme and other costs, which have reduced acquirers’ SME margins. Consumers are yet to see any reduction in the costs of goods and services directly attributable to the regulations.

DEBIT CAPS HAVE HAD A LESSER IMPACT

Interchange fees in many nations were already close to 0.2 percent but there have been changes. The higher the scheme interchange fee, the greater the propensity for an issuer to use that scheme. As yet the traditional low interchange fee countries (Netherlands, Denmark) have not increased their rates. Germany’s new bilateral rates appear just below the cap. The UK dropped its maximum, substantially increasing fees for high average transaction value (ATV) transactions. Conversely, Ireland reduced its debit rate to 0.1 percent. In France, deferred debit cards are classified as credit thus the impact has been lower than predicted. Based on market feedback, the multilateral interchange fee (MIF) caps have been widely

applied. Although there is some evidence that cap-exempt commercial cards issuing has increased, yet the impact has been modest so far.

BUSINESS RULES CHANGES - ENCOURAGES PAN-EU ACQUIRING

Business regulations were perceived by many as a Commission attempt to micro-manage the cards business. The new rules include the removal of scheme EU territorial restrictions. Essentially, the borders were removed. Visa and Mastercard had already pre-empted the changes but the travel and entertainment (T&E) card schemes have made significant changes to their country franchise structures. A particular licensing outcome (linked to the caps) has been an acceleration of pan-EU merchants seeking a single acquiring relationship. This is impacting smaller national acquirers who cannot offer the EU-wide acceptance levels of the international players. Several domestic debit schemes feel similarly threatened. One of the most far-reaching changes is card scheme brand and processing separation. This was flagged in the 2005 SEPA Cards Framework (SCF) and mostly implemented across the EU and to a fair degree by the international card schemes (ICS). The IFR’s objective was to increase processing competition and move away from mandated mono-brand networks. The two major ICS have fully implemented this, and some acquirers are now requesting bids for multi-brand authorisation and clearing. One of the least practical changes enables consumers to select a preferred brand on a co-badged card. A solution to resolve a non-existent problem? Cardholder research has never raised brand choice as a pressing requirement.Even stranger, consumers can also overturn another rule which allows the merchant to steer the cardholder to their preferred lower cost and possibly incentivise brands. Consequently, some national debit card schemes may issue separate co-badged cards just for cross-border usage with domestic cards mono-branded to fend off ICS brand selection competition. But this would be a step backward from a SEPA perspective. Another new rule is to mandate the unbundling (or unblending) of the merchant service charge

(MSC) to improve transparency. This entails breaking out interchange, scheme fees and processing (at product brand level) from acquiring fees, per card product. Acquirers call this interchange++ billing, a practice common in the US and UK. Unbundling is progressing slowly across the EU. Larger merchants lack the systems to check the validity of the massive volume of new data they now receive. Smaller merchants prefer the simplicity of a single unit or ad valorem fee per transaction and many have opted out under the rules. Worldwide regulators have disputed the ‘honour all cards’ (HAC) rule whereby schemes mandate merchants must accept all their branded products. The IFR allows HAC but only for cards subject to the caps. Currently merchants lack card tables to identify capped and uncapped cards. So, implementation has stalled. Conversely (under the revised Payment Services Directive) merchants are permitted to surcharge non-capped cards but need tables to identify cards. It is interesting to look back to 2005 and to compare the EPC’s original SCF proposals with the IFR. Several IFR mandates incorporated within the original SCF are now struggling, indicating that regulation does not guarantee easy implementation.

SEVERAL UNINTENDED CONSEQUENCES

So, what have been the unintended consequences? The caps have transferred substantial revenues to merchants but consumers and the mass of SMEs have seen little benefit. Debit rates have increased in some countries. Lower interchange has been partly offset by higher card scheme fees. Pan-EU merchants are contracting with pan-EU acquirers to the detriment of national-only players. Pan-EU licences and consumer brand selection have the potential to damage the EU’s cherished domestic debit schemes. Meanwhile consumers may be forced to carry separate cards for cross-border usage, which would not be ‘SEPA-compliant’. The implementation of unblending is patchy and large merchants are struggling to manage new streams of data. But not all IFR implementation has been negative. Longer-term competition will inevitably drive down consumer and smaller merchant costs. But there is still some way to go.


More than 30 US banks and credit unions unveiled a unified person-to-person money transfer service in mid-June. Known as Zelle, the service covers around 86 million US mobile-banking customers and competes head-on with rivals such as Venmo from PayPal and Apple Pay from Apple.

IN THE BANK CORNER…

Zelle, whose logo is a cross between a ‘Z’ and a dollar sign, will be available within the mobile banking apps of various banks. Customers will be able to send funds from one bank account to another in minutes, using only a recipient’s e-mail address or mobile phone number. By increasing the speed, convenience, choice and coverage of person-to-person payments, it is hoped that Zelle will take the bank fight to Silicon Valley over P2P. Just as importantly, Zelle will displace less efficient paper-based P2P payments, such as cash and cheques. “Fragmentation has been frustrating for consumers. Inconsistent experiences have made it difficult to send and receive money between banks,” said Paul Finch, CEO, Early Warning Services. “Zelle unites the financial community behind a single, real-time P2P payments experience for millions of consumers. Together we are removing friction from finance, allowing money to move seamlessly between accounts in minutes.”

Zelle is built on the foundation of the former clearXchange network by Early Warning Services, a bank-owned risk management firms that oversees the network. In addition to working directly with financial institutions, Early Warning has established strategic partnerships with leading US processors, such as CO-OP Financial Services, FIS, Fiserv and Jack Henry and Associates. These relationships will broaden the reach of Zelle to community banks and credit unions. Millions more consumers, including those banking with non-participating banks, will be able to access Zelle through a standalone app in the coming months. Tie-ups with both Visa and Mastercard will enable consumers to send and receive money from nearly anyone with a US-based debit card. During the first quarter of 2017, more than 51 million transactions, totalling upwards of $16 billion were processed across the Zelle network. “The consumer P2P market is experiencing rapid growth and financial institutions have a role to play,” said Michael Moeser, director of payments, Javelin Strategy & Research. “There is a market opportunity to offer a secure and trusted experience, as well as have greater P2P availability in financial institutions’ digital banking, mobile wallets and voice-driven P2P services.”

IN THE SILICON VALLEY CORNER…

Not to be outdone, Silicon Valley came back with fighting talk. A week after the Zelle

announcement, PayPal said that it was testing a beta version of instant money transfers via bank accounts. “Today, people are using PayPal’s P2P services, including Venmo and Xoom, to send and receive more than $7 million an hour to their friends and family,” wrote PayPal executive vice president, Bill Ready, in a corporate blog. “PayPal users in the US will soon be able to instantly transfer money to their bank accounts via eligible debit cards linked to their PayPal account.” The service is currently in beta testing with selected users before being rolled out more generally to US PayPal users over the coming weeks and months, according to Ready. This is evidence that the initially frosty relations between PayPal and the card schemes are now more cordial. Ready confirmed that there would be no charge to transfer funds directly to a bank account on the original service, which typically takes one business day. The new transfer option would cost $0.25 per transfer. Elsewhere, Apple announced during its worldwide developers conference in early June that its new iOS 11, launching in the autumn, will allow users to send and receive money through iMessage with one tap. It will also automatically alert users when a contact tells them via iMessage that they owe money and prompt for payment. Users will also be able to tell Siri to pay someone, using the credit and debit cards they already have in their wallet.

US BANKS TAKE THE P2P FIGHT TO SILICON VALLEY RIVALS

mobile payments

24

P2P BECOMING THE NEW SOCIAL NORM IN THE USThe latest Bank of America Trends in Consumer Mobility Report found that P2P is quickly becoming the new social norm, as 36 percent of adults currently use the service, with millennials leading the charge at nearly double that rate (62 percent). Furthermore, 45 percent of consumers say they plan to start using the service within the next year. The survey also found that timing is top of mind when deciding to use a P2P service. Most users say they started using P2P due to convenience and time savings (68 percent). This motivation is closely followed by peer influence (48 percent), new offerings from banks (30 percent) and a

desire to no longer use cash or cheques (16 percent). Users also agree that time is of the essence when paying each other back via P2P. 69 percent of respondents say they pay each other back within the same day, and more than a third say in less than an hour. Similarly, 53 percent expect others to pay them back within 24 hours, and almost 22 percent within the hour. Other insights from the Bank of America Trends in Consumer Mobility Report include:• 45 percent of consumers use P2P for shared expenses surrounding bills, followed by gifts (42 percent), travel (37 percent) and dining (35 percent).

• 51 percent of P2P users believe requesting a payment from others for $5 or less is socially acceptable, and 36 percent claim no amount is too low.• In sharing opinions about others’ payments faux pas, people are most annoyed by others paying via cheque in store (51 percent), followed by a delay in cashing cheques (38 percent).• 71 percent of consumers believe children under the age of ten will not know how to write a cheque, 42 percent believe they won’t use physical credit cards, and 36 percent think they will only shop on their smartphones.


APPLE AND VISA HIT WITH APPLE PAY PATENT INFRINGEMENT LAWSUIT

UK: CONTACTLESS CARDS SET TO OVERTAKE CASH IN 2018

Apple and Visa have been hit with an Apple Pay patent infringement lawsuit by Universal Secure Registry (USR), a small US company, that alleges their mobile payment partnership infringes four of its patents. In a federal lawsuit filed in Wilmington, Delaware, USR said it sent Apple a series of letters in 2010 describing its patented technology and seeking a partnership long before Apple Pay’s debut. One letter detailed USR’s patent for using biometrics to authenticate identity on a smartphone, according to the complaint filed 21 May. Kenneth Weiss, chief executive of USR, also pursued a partnership with Visa around the same time, engaging “in a series of confidential discussions with senior representatives,” according to the filing. Both

Apple and Visa shunned USR’s offers in favour of a partnership with each other to incorporate the technology into Apple Pay. According to the complaint, when Apple publicly announced its Apple Pay service in September 2014, the company “touted the same benefits that USR had introduced to Apple and Visa in 2010.” “Just as USR disclosed to Apple and Visa that its patented technology eliminated the need to store or transmit payment-card account numbers, Apple bragged to its users that with Apple Pay ‘the credit card isn’t stored on the device,’” lawyers for USR said in the complaint. Apple spokesman, Josh Rosenstock, and Amanda Pires, a spokeswoman for Visa, both declined to comment on the

complaint. USR, based in Newton, Massachusetts, wants cash compensation and an order that would block further unauthorised use of its inventions. The case is Universal Secure Registry LLC vs Apple Inc 17-00585 US District Court, District of Delaware (Wilmington).

Rapid growth in the use of contactless cards means cash will be overtaken as Britain’s most frequently used payment method by the end of 2018, according to a new report. This latest forecast still does not herald the demise of cash – even in ten years’ time it is still expected to make up 21 percent of all payments. Analysis carried out for UK Payment Markets 2017 forecasts that debit cards will become the most frequently used payment method in late 2018, three years earlier than previously predicted due in large part to the increasing popularity of contactless. There were nearly 2.9 billion contactless payments in the UK in 2016, more than 2.7 times more than in the previous year (1.1 billion). Contactless payments made up seven percent of the total number of payments in 2016, with the continued growth meaning that by 2026 more than one-in-four (27 percent) payments in the UK is expected to be contactless. Debit cards were used 11.6 billion times in 2016, 14 percent more than the previous year, with just over one-in-five of these transactions made using contactless. Cash was still the most frequently used payment method in 2016, used for 15.4 billion payments (3.8 billion more occasions than debit cards). Four-in-ten payments in 2016 were made using cash. By 2018, when debit cards are forecast to

overtake cash, 13.4 billion debit card payments are predicted, of which 4.6 billion (or one-in-three) are expected to be contactless. Cash is expected to be used for 13.3 billion payments in 2018, meaning it will not be the most frequently used payment method for the first time. “The popularity of contactless means that we expect debit cards to overtake cash as the UK’s most frequently used payment method in late 2018, three years earlier than we previously thought," explains Adrian Buckle, chief economist, Payments UK. "This is a significant shift but it’s vital to note that even in the face of this change, we believe any claims the UK will soon become a cashless society are wide of the mark. People will always want to choose the payment methods that best suit them, and cash will remain a frequently-used payment method for the foreseeable future. In ten years’ time, we will still be using cash for one-in-five payments in the UK, even as mobile payments and other innovations provide ever greater choice about how to pay.” In total, 38.7 billion payments were made in the UK in 2016. UK Payment Markets 2017 also publishes data and ten-year forecasts for the other main payment methods, to give a complete picture of the UK’s payments landscape for both consumers and businesses, across every different payment type.

2016 FAST FACTS• Cash was still the most frequently used payment method in 2016, used for 15.4 billion payments.• Debit cards were used 11.6 billion times in 2016, 14 percent more than the previous year, with just over one in five of these transactions made using contactless.• 4.1 billion direct debit payments, worth a total £1,262 billion, were made in 2016.• 3.7 billion credit card usage grew in 2016, with 2.8 billion payments made — up nine percent year-on-year.• 2016 saw 1.3 billion payments made via remote (online or mobile) banking. These payments were transmitted via the Faster Payments Service or cleared in-house.2026 FORECAST• 18.2 billion debit card payments forecast for 2026, 57 percent more than 2016.• 8.7 billion cash payments predicted for 2026 – down 43 percent from 2016.• 4.4 billion direct debits payments predicted in 2026 up from 4.1 billion in 2016.• 3.7 billion credit card payments forecast up from 2.8 billion in 2016.• 2.3 billion remote banking payments, 1 billion more than 2016, transmitted via the Faster Payments Service or cleared in-house.

contactless

25payments cards & mobile | July / August 2017 www.paymentscm.com

www.paymentscm.com

pos terminals

26 payments cards & mobile | July / August 2017

CONSUMERS STILL LOVE CASH AS ATM TURNS 501967: Ronald Reagan was inaugurated as governor of California, Elvis Presley married and the UK entered negotiations for membership of the European Economic Community. It was also the year that the first ATM was installed at a Barclays Bank in Enfield, north London. This ushered in not only convenient 24-hour cash access, but also a new way of interacting with banks and technology. Half a century later there are more than three million ATMs worldwide, according to research firm RBR. A further one million are expected by 2020. The continuing popularity of ATMs underlines the modern-day cash contradiction. With ever-more digital ways to pay, the demand for physical cash has never been higher.

THE CASH CONTRADICTION

99 billion cash withdrawals were made in 2015 with notable increases in Asia Pacific and the Middle East and Africa, where volumes were up by 16 percent and eight percent respectively, RBR figures say. The growth in Chinese ATM usage comes as financial inclusion increases and banks migrate more customers to self-service to reach more customers at lower costs, widen access and extend presence beyond branches to improve profitability. Nevertheless the statistics on electronic payments and cash present a confusing picture. Payment cards as well as and mobile and contactless usage are increasing. Yet so is cash in circulation. “Many people are surprised to learn that demand for cash continues to grow. The value of Bank of England notes in circulation peaked in the run-up to Christmas

2016, reaching over £70 billion for the first time — an increase of ten percent on a year earlier,” said Victoria Cleland, chief cashier and director of notes at the Bank of England, speaking at an event in mid-June. “This is the fastest growth we’ve seen in a decade, and a giant leap compared to the £2.9 billion when the ATM was born.” Strong growth in banknote demand is not unique to the UK. Around $1.3 trillion worth of US dollar notes were in circulation at the end of 2015 or $4,200 for every person in the US, according to the US Federal Reserve. It is a similar story in Australia, Canada and the Eurozone.

SHOW ME THE MONEY

Why is cash in circulation rising, particularly in developed economies with digital alternatives? People may be hoarding cash as a store of value, particularly as interest rates head towards zero. They may be holding it outside the country or using it in the underground economy. Criminals love cash. It provides no information about its origin and is valid no matter who holds it. High denomination notes are particularly popular among criminals. The European Central Bank announced that it will stop producing €500 notes in 2018 amid fears that it could facilitate illegal activity. Whilst this may be a step in the cashless direction, for some it does not go far enough. In his book The Curse of Cash, the former chief economist at the International Monetary Fund, Kenneth Rogoff, calls for the phasing out of all paper currency. As well as “a major impediment to the smooth functioning of the global financial system”, he claims paper currency is feeding tax evasion, corruption and criminality. “The effect of curtailing paper currency on tax evasion alone would likely cover the lost profits from printing paper currency, even if tax evasion fell by only 10-15 percent,” argues Rogoff. The effect on illegal activities is probably even more important. In addition, there is the huge volume of cash payments within the informal or shadow economy. Cash continues to be attractive because many of its properties are still required. This is as true in the legitimate economy

as it is in the underground economy. Cash is a two-party transaction with no-one else involved. There are no witnesses, transaction fees or concepts of a chargeback. Cash is familiar, tangible, simple and irrevocable. It meets people’s needs and fits their beliefs. One of the major challenges to the cashless society is overturning decades of habit and deeply ingrained behaviour around how people access and spend cash.

LESS CASH OR CASHLESS?

There are cashless pockets by country or sector. “If you look globally, 80 percent of consumer transactions are made in cash. But like any statistic, this hides dramatic differences across the world,” explains Andy Brown, marketing director, payments, NCR. “Globally I think we are a long way from a cashless society, however Scandinavian countries are moving towards a cashless environment.” One of the areas where cashless payments have been particularly successful is closed-loop environments, such as campuses, stadia and mass transit networks. These environments typically have high volumes of low or lower-value, everyday payments. The advancements of contactless technology, the compelling use case around speed and convenience for all parties, and the ability to build critical mass quickly have created an almost perfect storm for cash displacement. The cashless future could lie in moving away from universal usage and coverage towards specific cashless use cases and good-enough acceptance. The payments industry could also do a better job of articulating the value of cash displacement rather than replacement. The ATM has a role to play in the cashless future. It has changed our relationship with money, machines and bank branches. Customers happily trade off teller service against self-service at a machine. 24-hour access to cash is now a current account hygiene factor and one not necessarily associated with banks. More than half the ATMs installed are away from bank branches, and a growing number by independent ATM deployers. 50 years after the birth of the ATM and despite digital payment developments, cash is not on the way out.

PSD2 DRIVES A 37 PERCENT DECLINE IN ONLINE CARD VOLUMESA new study from Ovum, has attempted for the first time to quantify the detrimental effect instant payments and PSD2 will have on traditional credit and debit card payments. The research Instant payments and the post-PSD2 landscape, commissioned by Icon Solutions, publishes quantitative insights into how PSD2 will be the catalyst for both the decline in card transactions and the uptake in direct and frictionless payment methods such as instant payments in Europe. It also shows how instant payments under PSD2 will change the way consumers pay for goods and services, revolutionising e-commerce. The research predicts that PSD2 will significantly disrupt the European retail payments landscape, unlocking new revenue opportunities for those nimble enough and adequately prepared. E-commerce card usage will stagnate at current levels of around €260 billion annually and by 2025, boosted by increased consumer convenience and the lower charges that PSD2 facilitates, instant payments will overtake cards. Card volumes are expected to stagnate at €260 billion post-PSD2, rather than reach the €411 billion predicted without PSD2, representing a 37 percent decrease in expected volumes. The research indicates that the shift away from cards is likely to gather pace, and by 2027, single-transaction e-commerce card payments will drop from the top spot declining from 40

percent market share to just 11 percent. This will leave instant payments and digital wallets (such as PayPal) as the two dominant payment methods across Europe as early as 2024. After the introduction of PSD2, instant payments are expected to absorb much of the rapid growth expected in European e-commerce over the next decade. They will gradually see a market share increase against established payment methods, to an average of 29 percent of expenditure across Europe. This figure is expected to range from 72 percent in the Netherlands, to just under 20 percent in Italy. This shift of European commerce to digital channels will continue to apply pressure to merchants to increasingly take an omni-channel approach, bringing a focus on new

payment methods to the forefront of merchants’ agendas. This, combined with potentially declining card revenues, is expected to place pressure on banks to provide the services that merchants need to become truly omni-channel. “PSD2 and other open banking initiatives are a golden opportunity for retail banks to re-imagine their products and services, and ensure they are fit for purpose in tomorrow’s digital ecosystem,” explains Kieran Hines, head of industries, Ovum. “In particular, those banks that combine early adoption of instant payments infrastructure with a proactive approach to PSD2 compliance and a focus on the payment needs of both merchants and consumers will be the ones that enjoy the most rapid growth over the coming years.”

ONLINE CARD SPENDING TO DOUBLE BY 2021 TO $6 TRILLIONGlobal Payment Cards Data and Forecasts to 2021, an annual survey of the global payment cards sector, reveals that the value of e-commerce card payments made worldwide grew by 26 percent during 2015 to reach $2.7 trillion, and represented 12 percent of all card expenditure. Key factors driving this impressive growth include:• A surge in internet penetration and smartphone holding• A rising number and range of merchants with an online presence• The convenience of making impulse buys on the move via mobile devices• Tools such as one-click checkouts and suggested additional items, which simplify the transaction process.

ADVANCES IN SECURITY IMPROVE CONFIDENCE

The study reveals that while some cardholders have previously held back from purchasing goods online because of security concerns, confidence in the e-commerce channel is rising. Measures being taken to reduce fraud include the creation of a new 3-D Secure specification to authenticate cardholders which will be progressively rolled out over the coming years. 3-D Secure 2.0 is designed to meet the needs of consumers using new technologies such as mobile apps and digital wallets. It will increase risk-based authentication, removing the requirement for a password for the vast

majority of transactions. This update should offer further reassurance and convenience to online shoppers.

E-COMMERCE CARD EXPENDITURE TO CONTINUE ITS RAPID GROWTH

The report forecasts that e-commerce card spending will more than double between 2015 and 2021 to reach $6 trillion. “The e-commerce sector will represent a growing proportion of global card expenditure with one dollar in five spent online by 2021. The improving convenience and security of the e-commerce channel are key drivers of this growth," says Chris Herbert at RBR.

e-commerce


Source: Instant payments and the post-PSD2 landscape, Ovum

E-co

mm

erce

pay

men

ts (€

bn)

500

400

300

200

100

0

€411bn

€338bn

€260bn

Crossover point

Payment cards underlying forecast (no PSD2)

Instant Payments underlying forecast (no PSD2)

Payment cards post-PSD2

Instant Payments post-PSD2

€155bn

2022 2023 2024 2025 2026 2027

Ingenico ePayments, the online and mobile commerce division of Ingenico Group, has launched a new PSD2-compliant payment solution designed specifically for online marketplace operators. The solution is built on Ingenico’s full service payments platform and provides marketplaces with the flexibility and conformity to PSD2 they need to scale and grow internationally. Online marketplaces are expected to account for almost 40 percent of the global online retail market by 2020, according to a study by the E-Commerce Foundation and Nyenrode Business University. Reflecting the growing influence of marketplaces, when the PSD was extended in 2015, some of the exemptions that allowed

online marketplaces to operate without being regulated or supervised while providing payment services, were removed. PSD2 comes into effect in 2018, meaning online marketplace operators that sell to European consumers will need to become regulated and supervised (licensed) payment service providers or seek regulatory backing from a licensed provider. The new Ingenico payment solution for marketplaces is a scalable, secure and fully PSD2-compliant. It helps online marketplaces grow beyond their borders and simplify the transaction process for both sellers and buyers. Marketplace operators can opt to use Ingenico API for a customised implementation

of the marketplace solution, or use a dedicated connector for one of the leading middleware platforms for marketplaces, such as Mirakl or Izberg. “As online retail matures, we increasingly see the marketplace model driving growth in the space. But to sustain that growth, in the EU in particular, marketplaces will need to step up to become fully compliant with PSD2,” comments Ludovic Houri, vice president, product, Ingenico ePayments. “Our new marketplace solution not only removes the burden of PSD2 for operators, but provides a set of features and benefits that enable marketplaces to increase efficiency, reduce complexity and scale internationally," Houri concludes.

LG managed to launch its heavily delayed mobile payment service dubbed LG Pay on 2 June. The digital wallet competes with look-alike wallet offerings from Samsung Pay and Apple Pay. LG revealed that its digital wallet is based on wireless magnetic communication technology, which will allow users to make payments by simply touching their compatible mobile phone to the POS reader. Rumours of LG developing its own mobile payment system have been rife since early 2016. It was initially rumoured that the digital wallet would be introduced in LG smartphones by 2016.

LG Pay works along similar lines to Samsung Pay. However, Samsung's mobile wallet system uses magnetic secure transmission technology instead of NFC to make payments. "LG Pay is a service that allows users to pay offline on a smartphone just like a credit card. Wireless magnetic communication technology, which generates magnetic signals from mobile devices and charges them when they are brought to a general credit card terminal, is installed," the company said. LG announced that LG Pay would initially be available only through four major credit card

brands, namely KB, Shinhan, Lotte and BC. However, the South Korean-based OEM plans to gradually expand and bring on board all major cards in the industry by the end of September. The newly-launched service would initially be available only for LG G6 users. However, LG plans to extend the service to other devices soon. The company claims that LG Pay has airtight security measures when handling card details and transactions. LG asserts that a user will have to scan their fingerprint each time they wish to make a payment. This security measure will set new standards for mobile payment services.

INGENICO ANNOUNCE PSD2-COMPLIANT SOLUTION FOR MARKETPLACES

LG LAUNCHES DELAYED MOBILE PAYMENT SYSTEM LG PAY

AMAZON CHALLENGES BANKS IN BUSINESS LOAN MARKETIt started with book publishing before moving to grocery retail, delivery, music streaming and television. The next industry Amazon has in its disruptive sights is banking. The Seattle-based behemoth has lent more than $1 billion to small businesses in the last year, according to a media statement. Amazon Lending offers short-term business loans to micro, small and medium businesses selling on its marketplace. Amazon mines data on how its sellers are performing, allowing it to select borrowers. Funds come from its own balance sheet and repayments are deducted automatically from the seller’s account every two weeks.

Amazon has lent more than $3 billion to more than 20,000 small businesses since Amazon Lending launched in 2011. It has actively targeted sellers in Japan, UK and US with offers to borrow amounts ranging from $1,000 to $750,000. More than half the small business borrowers opt to take a second loan. Amazon is not the only technology company to challenge banks in the area of small business loans. Swedish mobile payment services provider iZettle launched its factored loan service, iZettle Advance, in August 2016. This allows small businesses to access extra capital via an advance on future card sales.

Similarly, working in partnership with Liberis, Worldpay offers small businesses an unsecured cash advance on card sales. Repayments are made on the basis of a pre-agreed percentage of future sales. Businesses only pay when they are earning and do not have to meet a monthly payment if business is quiet. Acquirers typically profit most from the long-tail of small and medium-sized businesses in their portfolios. Those seeking to monetise this group further through cross-sell activities, increased loyalty and smarter risk management will find that the tail wags a long way down.

products


contractsVANTIV AGREES WORLDPAY PURCHASE IN £9 BILLION DEALWorldpay has agreed a £9.1 billion deal to be acquired by US rival Vantiv, which sent shares in the company tumbling sharply. Worldpay shares fell close to ten percent to £3.68, soon after unveiling Vantiv’s planned takeover of the business, which values its shares at £3.85. Shares in Worldpay had climbed to as high as £4.35 amid expectations that a bidding war would ensue between Vantiv and JPMorgan Chase, both of whom were revealed to be competing to buy the company. But JPMorgan ruled itself out from making a bid within an hour of the announcement of

the deal between the two payments groups. The bank, which had faced criticism since it is also a corporate broker to Worldpay, said it had approached the UK company “in response to an invitation” and that it would not make a firm offer. Under UK takeover rules, JPMorgan cannot now approach Worldpay for six months. Vantiv, which has grown rapidly by striking deals across the US, is looking to gain a foothold in Europe where Worldpay is a leader in providing the technology that allows businesses to accept card payments and online transactions from customers.

Vantiv is interested in Worldpay’s operations in Europe, as a shift in consumer habits away from using cash to digital and card payments has helped bolster demand for payment processors. By acquiring or merging with a rival payment processor, companies can seek huge cost savings from cutting redundant technology and costs. They can also consolidate information about individual customers across different geographies, allowing them to provide more added value services to large corporations and retailers.

Visa and Klarna announced they have reached an agreement for Visa to invest in Klarna, and intend to develop a future strategic partnership. Klarna is one of Europe’s fastest growing online payments companies, serving 60 million consumers and 70,000 retailers. The equity investment and planned partnership demonstrate Visa and Klarna’s shared vision to accelerate online and mobile commerce for the benefit of consumers and merchants across Europe. Visa’s planned investment is part of a global strategy to open up the Visa ecosystem and

support a broad range of new partners who are helping to redefine and enhance the purchase experience for millions of consumers globally. Klarna develops products that address changing consumer preferences, giving them the flexibility and seamless experience they expect when shopping. “Klarna has demonstrated an expertise in consumer credit and online purchasing and together, we share a vision for how today’s online and mobile commerce experiences can be as simple as they are in the real world,” said Jim McCarthy, executive vice president, innovation and strategic partnerships, Visa Inc.

“Visa is committed to partnering with a new generation of partners and payment providers to bring secure, online commerce to many more consumers in Europe. We look forward to working more closely with Klarna to accomplish this.” According to Forrester, Europe is expected to see double-digit growth in online sales in the coming years. By 2021, the growth in the number of connected devices and improvements in mobile connectivity will drive online sales to reach 12 percent of the region's total retail sales. Additionally, online retail sales are expected to grow at an average rate of 12 percent per year over the next five years in Western Europe.

The first nationally sanctioned mobile wallet solution for the United Arab Emirates has been launched. Emcredit, a fully owned subsidiary of the Dubai Economy, will launch empay, a secure mobile wallet and payment platform that offers all United Arab Emirates residents the ability to easily pay for a wide variety of goods and services using smart wearable technology or multi-functional devices. NXP will manufacture and provide the NFC controller and secure element (SE) necessary to allow UAE consumers to utilise the service on wearable devices and Cardtek will provide the payment infrastructure. As a part of the Dubai Government Smart initiative, empay will bring together a number of service providers – including

banks, government departments, retailers, educational institutions, and transportation companies – into a common platform where consumers are easily able to access and pay for services from a single mobile wallet. empay will ultimately enable UAE consumers to make retail payments, initiate money transfers, and pay for government utilities – such as telecommunication and school fees – all from a single mobile wallet using either an active wearable or another multi-functional mobile device. Active wearables include a battery and a Bluetooth Low Energy (BLE) connection, in addition to a NFC interface. This allows communication to the cloud via a mobile phone or companion device, enabling multiple

applications to be dynamically and over the air (OTA) provisioned on the wearable device. This technology results in the richest possible user experience, where the consumer is able to virtualise all of their personal contactless cards on their wearable device.

VISA COMMITS TO STRATEGIC INVESTMENT IN KLARNA

NATIONAL MOBILE WALLET SERVICE LAUNCHES IN UAE


2017

28 30

Palais des FestivalsCannes France

Nov.

REGISTER ONLINE !www.trustech-event.com

#trustech2017

#LARGEST

#INTERNATIONAL

#EVENT

Annonce Presse Trustech 210x280.indd 1 19/05/2017 11:12

conferences


UPCOMING EVENTSSeamless Payments East Africa6-7 September, Nairobiwww.terrapinn.com/exhibition/seamless-east-africa

Seamless Payments Vietnam6-7 September, Ho Chi Minh Citywww.terrapinn.com/exhibition/seamless-vietnam/

The Future of Lending19 September, Londonwww.marketforce.eu.com/events/financial-services/future-of-lending

Restaurant Tech LiveBar Tech Live Hotel Tech Live26-27 September, Londonwww.restaurantbusinessshow.co.uk

PayExpo Europe4-5 October, Londonwww.payexpo.com/europe

Shoptalk Europe9-11 October, Copenhagenshoptalkeurope.com/

ATM & Cyber Security 201710-11 October, Londonwww.rbrlondon.com/events/atmsec

Money2020 USA22-25 October, Las Vegaswww.money2020.com

The Future of Nordic Banking6-7 November, Copenhagenwww.marketforce.eu.com/events/banking/nordic-banking

World Travel Market including The Travel Tech Show 6-8 November, Londonlondon.wtm.com/about-the-show/show-features/travel-technology/

The Future of Private Banking and Wealth Management23 November, Londonnew.marketforce.eu.com/money-live/event/private-banking-wealth-management/

The Future of Retail Banking28-29 November, Londonnew.marketforce.eu.com/money-live/event/retail-banking

Branch Transformation 201728-29 November, Londonwww.rbrlondon.com/events/branchtransformation

Trustech 201728-30 November, Canneswww.trustech-event.com

Ad Index July / August 2017Payment Card Yearbooks www.paymentcardyearbooks.com P13 Money2020 www.money2020.com P21FIME www.fime.com Cover P4PayExpo Europe www.payexpo.com/europe P17RS2 www.rs2.com Cover P2Trustech www.trustech-event.com Cover P3

Money2020 Europe, held in Copenhagen 26-28 June, was again a great success, covering payments and financial services from core services to FinTech. Presentations included those from senior executives of well-known global companies to smaller, but equally interesting, businesses. With more delegates and more exhibitors, it was a great place to network, talk business and create new

partnerships as well as meet with existing contacts and partners.

Once there, delegates were catered for and looked after with plentiful supplies of refreshments as well as

a good lunch with plenty of seating. Formal and informal meeting spaces were available throughout the

exhibition area and conference venue, with the ACI Smoothie Bar and JCB Tea Room proving

particularly popular.

For the networking evening, those who signed up were bussed to the Tivoli Gardens for drinks and a buffet

and, as an extra treat for the braver delegates, free rides on the numerous attractions.

Not only does Money2020 deliver as an event but it is run by their whole team in a professional and

friendly way with plenty of assistance readily available to all attendees if required.

Money2020 Europe expects more growth in 2018 and have announced that next year’s event will take

place 4-6 June in Amsterdam.

Money2020 USA takes place 22-25 October in Las Vegas.

Money2020 Europe

2017

28 30

Palais des FestivalsCannes France

Nov.

REGISTER ONLINE !www.trustech-event.com

#trustech2017

#LARGEST

#INTERNATIONAL

#EVENT

Annonce Presse Trustech 210x280.indd 1 19/05/2017 11:12

COVER STORY: ROLLING THE DICE - Payments Cards & Mobile

Documents

Transcript of COVER STORY: ROLLING THE DICE - Payments Cards & Mobile