Tim sloane preparing for rapid payments innovation
-
Upload
co-opfinancialservices -
Category
Economy & Finance
-
view
714 -
download
0
Transcript of Tim sloane preparing for rapid payments innovation
1
Preparing For Rapid Payments Innovation.
2
Tim SloaneVice President, Payments Innovation
3
Forecast Apple PayVolume Based on Adoption Model
Source: Mercator
Apple Pay: Off & Running
4
Android:Waiting in the Wings
• Multiple hardware device implementations• Multiple versions of OS
– Android One– AOSP
• Microsoft / Cyanogen
• 40 Apple iPhone Variations, 90,000+ Android Variations• Google Wallet V1, Google Pay, Samsung Pay …….
5
Android Devices - 2013
Source: OpenSignal
6
Android OS Versions - 2015
Source: OpenSignal
7
APPLE PAYOperation
Apple Wallet Implementation
Branded Network Network BrandedIssuer
Merchant Acquirer
TOKENTOKEN
PAN
TOKEN
Lookup PANAuth Request w/TOKEN Auth Request w/PAN
1
2
45
6 7 8
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
3
1) iTunes user provides card number (PAN) to iTunes.2) Apple forwards request to enable Apple Pay to the bank that owns the card for permission.3) When bank approves the request, the PAN is communicated to the appropriate network for token generation4) Network and Apple insert token into Secure Element of device5) Consumer presents Apple Pay device to POS using Touch ID6) Token and other payment relevant data are sent to the POS, which forwards via acquirer to the network7) Network receives token and looks up PAN. PAN is inserted into the authorization request and sent to the issuer8) Issuer receives the authorization request and approves or denies the transaction. (Note that several special fields are in the authorization request and other activities not described here (such as provisioning NFC device)
= NFC
8
APPLE PAYOperation
Apple Wallet Implementation
Branded Network Network BrandedIssuer
Merchant Acquirer
TOKENTOKEN
PAN
TOKEN
Lookup PANAuth Request w/TOKEN Auth Request w/PAN
1
2
45
6 7 8
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
PAN
3
1) iTunes user provides card number (PAN) to iTunes.2) Apple forwards request to enable Apple Pay to the bank that owns the card for permission.3) When bank approves the request, the PAN is communicated to the appropriate network for token generation4) Network and Apple insert token into Secure Element of device5) Consumer presents Apple Pay device to POS using Touch ID6) Token and other payment relevant data are sent to the POS, which forwards via acquirer to the network7) Network receives token and looks up PAN. PAN is inserted into the authorization request and sent to the issuer8) Issuer receives the authorization request and approves or denies the transaction. (Note that several special fields are in the authorization request and other activities not described here (such as provisioning NFC device)
= NFC
9
APPLE PAY is PROPRIETARY • Few networks have access to
Apple Provisioning function • Provisioning is contractually coupled
to compensation & settlement• Tokens alter how merchants find &
use alternate networks• Tokens alter merchants back end
processes (disputes/returns/etc.) • EFT networks must share transactional
data with MC/V to participate• No solution exists to enable Bank
Mobile Apps or ATM access
10
EMVCo HCE SUPPORT
1) Multiple Mobile Environments2) Each with unique security capabilities3) Each with unique identity support4) HCE cloud (Open to Buy Limits / One Time Use Tokens.2) Apple forwards request to enable Apple Pay to the bank that owns the card for permission.3) When bank approves the request, the PAN is communicated to the appropriate network for token generation4) Network and Apple insert token into Secure Element of device5) Consumer presents Apple Pay device to POS using Touch ID6) Token and other payment relevant data are sent to the POS, which forwards via acquirer to the network7) Network receives token and looks up PAN. PAN is inserted into the authorization request and sent to the issuer8) Issuer receives the authorization request and approves or denies the transaction. (Note that several special fields are in the authorization request and other activities not described here (such as provisioning NFC device)
5
Branded Network Network BrandedIssuer
Merchant Acquirer
TOKENTOKEN
PAN
Lookup PANAuth Request w/TOKEN Auth Request w/PAN
1
2
45
6 7 8
3
SE
HCE & DF
HCE & DF & Bio
ID&V Method 1
ID&V Method 2
ID&V Method 3
Token Service Provider(TSP)
Softcard
Google/Samsung
11
Tokenization Challenges:• What will be the long term fee structure?• How will EFT networks participate?• What is the role of issuing processors?• How will credentials be passed to ATM or is alternate needed?• How and when will the bank app be payment enabled?• Token Value prop in Mobile Apps is weak.
– Card on File preferred by most merchants• Merchants question Tokenization Durbin Compliance.• Is Apple A Good Long Term Strategic Partner?• How is a portfolio switched when Token Vault is held by the network?
12
Too many stove pipe solutions
BANK NETWORK& APP CHALLENGES
M-AppM-Browser
Banking AppRDC, Etc. EFT PIN
P2P
mPOS
Bank Solutions, MC/V Solutions,
EFT Solutions, Mobile Apps, ID Social, Cloud…
13
Innovation will surroundthe Payment utilizing m-POS and Smart Apps
mPOS WILL DRIVECHANGE & COMPLEXITY
14
• New Data Types• New Transaction Types• New Network Interactions• New Networks (e.g. MCX)
Innovation will surroundthe Payment utilizing m-POS and Smart Apps
mPOS WILL DRIVECHANGE & COMPLEXITY
15
New methods of Identity Verification combined with a complex mobile platform (hardware, OS, multiple comms carriers in both the handset and the POS) all riddled with vulnerabilities, makes a payments platform only a entrepreneur can love.
INNOVATION ONMOBILE HAS ITS RISKS
- Credentials in memory- Credentials on file system- Data stored on file system- Poor cert. Management- Etc.
- Clear text credentials- Clear text data- Backdoor data- Data leakage- Etc.
- SQL Injection- Cross Site Scripting- Local File Inclusion- Authentication- Etc.
Client Network Server
16
New methods of Identity Verification combined with a complex mobile platform (hardware, OS, multiple comms carriers in both the handset and the POS) all riddled with vulnerabilities, makes a payments platform only a entrepreneur can love.
INNOVATION ONMOBILE HAS ITS RISKS
- Credentials in memory- Credentials on file system- Data stored on file system- Poor cert. Management- Etc.
- Clear text credentials- Clear text data- Backdoor data- Data leakage- Etc.
- SQL Injection- Cross Site Scripting- Local File Inclusion- Authentication- Etc.
Client Network Server
Remember this?
17
New methods of Identity Verification combined with a complex mobile platform (hardware, OS, multiple comms carriers in both the handset and the POS) all riddled with vulnerabilities, makes a payments platform only a entrepreneur can love.
INNOVATION ONMOBILE HAS ITS RISKS
- Credentials in memory- Credentials on file system- Data stored on file system- Poor cert. Management- Etc.
- Clear text credentials- Clear text data- Backdoor data- Data leakage- Etc.
- SQL Injection- Cross Site Scripting- Local File Inclusion- Authentication- Etc.
Client Network Server
Remember this?
PATCHPROCESS
18
COMPETITIVEREVIEW
Apple Must deliver more value to merchants. Expect loyalty & BLE innovation as mechanism to
engage consumer and pass credentials at POS. Passbook gets interesting. Google / Softcard Technology
Softcard technology isn’t what Google needs, it needs low cost access to the SE by MNOs. It is unclear what business model networks will adopt to enable Google Wallet. Google must change existing pooled account model to encourages bank participation.
MCX / CurrentC Introduces a cross merchant loyalty agent that lowers payment costs for merchants.
MCX isn’t impacted by card networks, it lives or dies on its own ability to execute. PayPal / Paydiant
Current services implemented using private acquiring infrastructure and merchant relationship slows deployment. PayPal needs greater merchant adoption before Apple, and must implement a business model that drives bank participation.
Financial Institutions FIs promoted Apple Pay to gain top of wallet without knowing Apple’s or Networks long
term strategy. Without Android, banks can’t satisfy customers and can’t enable existing bank apps. Networks create new revenue source from issuers and protect market.
Samsung / LoopPay Will a smaller LoopPay still be effective? Is interim solution likely to cause problems at
POS? Unclear how Samsung will drive adoption by banks or what business model Networks will implement.
19
INNOVATORSAPPROACHING FROM ALLDIRECTIONS• Deliver engaging and complete
financial services to your customers.
• Review adjacent markets that add value or threaten your value proposition.
• Acquire partnerships and technologies that strengthen your value proposition and level of customer engagement.
• If you don’t others will!
20
Tim SloaneMercator Advisory [email protected]