Strong Customer Authentication (SCA) is a scant three months away. Will the EU be ready?

HourglassChances are it won’t come as much of a shock that the middle of September is about nine weeks away. Most years, that’s the usual interval between the middle of July and the middle of September. But this year, something promises to make the middle of September a little different: On the 14th, Strong Customer Authentication (SCA) becomes law in the European Union.

Of course, I’m writing from across the pond, where SCA doesn’t apply. But it’s worth following, even from afar. As the U.S. Congress steps up scrutiny of digital banking, it’s possible that they will watch the EU and draw inspiration from it.

In brief, SCA mandates two-party authentication for most card-not-present (CNP) e-commerce purchases. Finextra offers this description

SCA will require an extra layer of authentication for online payments. Where a card number and address once sufficed, customers will now be required to include at least two of the following three factors to do anything as simple as order a taxi or pay for a music streaming service. Something they know (like a password or PIN), something they own (like a token or smartphone), and something they are (like a fingerprint or biometric facial features).

The technology puts banks in the middle of the transaction and makes them responsible for the authentication. Not surprisingly, then, should a purchaser not satisfy two of the three requirements, a bank’s only course will be to reject the payment. Should that happen on a legit transaction, you can bet the bank will have on its hands an angry, frustrated customer who blames the bank.

Finextra continues:

The new rules are designed to protect European consumers from billions of euros in attempted online fraud … the European Central Bank now estimates around €1.3 billion in online fraud on European cards each year.

In the interest of not descending into the silly and annoying, there are instances in which SCA requirements are waived. These include transactions for less than a designated threshold, monthly subscriptions, business-to-business transactions, and transactions with businesses the accountholder has “white listed,” to name a few.

SCA is part of PSD2, short for Version 2 of the Payments Services Directive, which went into effect in January 2008. Nine years earlier, PSD1 standardized payments throughout the EU. Most notably, PSD2 has established that accounts belong to accountholders, not the financial institution where they reside; and it allows accountholders to authorize third party access to their accounts and data, otherwise known as open banking.

Initially, Visa went on record as not being a fan of SCA. Visa’s concern, the U.K.’s The Register reported at the time, was “…that making customers jump through more hoops to complete online transactions will result in increased cart abandonment rates, which will likely impact retailers’ bottom line.” 

It wasn’t an irrational argument. Direct marketers have long known that completion rates decrease with every step added to a transaction. Notwithstanding, there will be no putting off SCA. Last month, the European Banking Authority made that quite clear, stating, “the EBA is legally not able to postpone an application date that is set out in EU law.”  

Which is a little scary, given that it appears that many financial institutions and merchants in the EU aren’t ready. recently reported

… banks are still underprepared. While banks continue to open their application programming interfaces (APIs) to third-party providers and FinTech firms, many are still in the dark when it comes to SCA. Merchant partners are also scrambling, with just 40 percent of merchants within the EU currently stating they will be ready by September 2019.

If I’m not mistaken, that’s another way of stating that 60 percent of merchants in the EU are currently not stating that they will be ready by September.

In March, Bobs Guide had this to say:

As many as 25% of Europe’s online merchants are unaware of strong customer authentication (SCA) requirements, due to come into force in September under the continent’s revised Payment Services Directive (PSD2). Of those who are aware of the rules, only 40% feel they will be compliant by the deadline. Both statistics point to serious change in the payments industry, say market participants. 

Noncompliance is no small infraction. It could mean the forfeiture of a payment provider’s license. For merchants, going into SCA ill prepared—to return to Visa’s earlier point—can lead to cart abandonment, which can cause a significant drop in sales.

Amid concerns, Finextra sounded this hopeful note: 

It’s not the first time Europe pioneers new standards in payments that reconcile security and convenience. Consider how it rolled out EMV standards over a decade ago to make chip and pin more or less ubiquitous on the continent, while the US is still playing catch-up to this day even. 

Speaking as a yank, I wish to respond to that statement about the U.S. playing catch-up: Ouch.

Posted in Uncategorized by Matt. No Comments

Whatever happened to …

MissedNow and then comes an innovation poised to change the world. But then years pass, and suddenly someone says, “Whatever happened to …”

That’s when we realize that, contrary to expectation, no one really wanted Crystal Pepsi, a Segway, an Apple Newton (the handheld device), an Apple Newton (the cookie), or Chippy after all.

Marketing research firm NewProductWorks maintains a museum of failed products in Ann Arbor, Michigan. Last count, it boasted some 140,000 exhibits. Open only to NPW clients, it serves as a monument to What Not to Do. Not an NPW client? No need to fret. Museum of Failure, aka MOX, keeps smaller collections open to the public in Sweden and Los Angeles.

While a variety of casualties litter the failed product graveyards, the remains of relatively few payment systems are to be found among them. That could be because the category is a relative newcomer compared with, say, packaged cereals. It could also be because other companies may cart off the body and use it for parts.

Take, for instance, CurrentC, part of Merchant Customer Exchange, or MCX for short. Created in 2011, MCX promised a much-anticipated antidote to Visa’s and Mastercard’s interchange rates. It was no small enterprise. Nicholas L. Johnson reported for Applico that participants included …

Walmart, Target, Best Buy, CVS, Shell, Olive Garden, Lowes, Michaels, Sears and more. Collectively they operated more than 110,000 retail locations and processed $1 trillion in payments annually … CurrentC would work through bank accounts and ACH transactions to enable payment processing at a much lower cost. The app would also incorporate retailers’ existing loyalty programs and provide them with more data on their consumers.

CurrentC failed out of the chute. With hindsight, the reason seems obvious: CurrentC filled a need for merchants but not for consumers. To the latter, CurrentC was just another credit card in an already cluttered field. You won’t, however, find a decaying CurrentC corpse in any graveyard or museum. In early 2017, Chase took possession of CurrentC’s remains in order to incorporate some of its technology into its own payment app.

Still, there are some deceased payments systems lying around on the battlefield. One of these would be Eaze, which bellyflopped upon its 2014 launch, as reported by PaymentsSource. The bellyflop may have had something to do with the fact that Eaze’s hardware relied on none other than Google Glass. A $1500 price tag placed the gadget out of reach for many, while increasing numbers of venues banned the geekish goggles for fear of wearers taking surreptitious videos. Unaffordable and unwelcome, Google Glass departed consumer shelves, leaving Eaze to wither and die. (It didn’t help that Eaze read QR codes. You don’t see those widely used these days, either.)

Another failed payments product would be Blippy. I suppose you could have called it an attempt at a social credit card. With each use, it automatically posted to its own social media site what you bought, where you bought it, and what you paid for it. Before you scoff at the idea, consider the number of people who seem to think that you and I are eager to see the meal they’re about to consume in their favorite restaurant. Blippy went into beta testing toward the end of 2009 and wasn’t heard from again. It seems that consumers are more interested in looking at pictures of food and kittens than in knowing what you just paid for a swimsuit at Abercrombie.

You may recall much ado about Pay By Touch. It was exactly what the named implied: A point-of-sale keypad using fingerprint ID to access shoppers’ credit cards. PaymentsSource reported that Pay By Touch “… filed for bankruptcy in late 2007 after failing to meet payroll obligations, and shut down its payment system in March 2008 …” possibly because it was “… too far ahead of its time.” In this, PaymentsSource may have erred on the side of generosity. Digital marketing agency Single Grain CEO Eric Siu wrote for Forbes that Pay By Touch founder John P. Rogers …

… began throwing outrageous parties and even offered drugs to coworkers. He was accused of sexual misconduct. He allegedly wanted to hire and offer shares of stock to attractive women he met on the street … Despite an absolutely brilliant business idea and all the talent, money and direction needed to see it succeed, Pay By Touch was reduced to rubble by a single bad egg in the basket. Rogers was a con man. 

Finally, Robinhood deserves mention. Having succeeded at eating brokerages’ lunch with its commission-free investment model, Robinhood decided to challenge banks head-on. This they did at the end of 2018 when they announced checking and savings accounts that were not only free but would earn about 30 times the interest rate that banks were paying at the time. Trouble was, the accounts weren’t insured by the FDIC but by the SIPC, and Robinhood hadn’t troubled to inform the latter of its plans. Though not required, looping in the SIPC is prudent. Taken by surprise by the Robinhood announcement, SIPC president and CEO Stephen Harbeck publicly voiced “serious concerns.” UBS analyst Brennan Hawkins called Robinhood’s new products “significant overreach.” Robinhood immediately withdrew the products, with co-CEOs Baiju Bhatt and Vlad Tenev blogging, “… we realize the announcement may have caused some confusion.”

I always look forward to the next innovation. Here’s hoping that more fly than flop.

Posted in Uncategorized by Matt. No Comments

Facebook Bank,
& Trust Issues

Calibri et alBy the time my youngest is old enough to ask me what a bank is, you can bet I won’t have a concise answer. Were I to give it a stab right now, it might go something like this:

“That toy pig on your shelf, the one with a cork in its belly, that’s a bank. That building over there? That’s a bank, too. Except, a bank doesn’t need a building. Or a pig. It’s a bank if it stores or moves currency, or something that isn’t actually currency but acts like it. This app here on my phone, for instance, is a bank. So is this website. Except, they’re not banks in the physical sense. But they function like banks, so we sort-of call them banks. Or non-banks. Or fintechs … You look confused. Are you sure don’t want to ask me something that’s easier to talk about? Like, say, where babies come from?”

Likewise, I’m not sure I’ll have a ready answer for, “What’s social media?” For Exhibit A, I submit Facebook, which just announced plans to add bank to its existing definition, a place where you upload pictures of food, comment on and share articles after skimming the headline, and tell advertisers more about yourself than you realize.

I refer, of course to Facebook’s soon-to-be launched subsidiary, Calibra. According to its website, Calibra promises to be “a connected wallet for a connected world,” a “new way to save, send and spend,” and a “new currency for the world.” Moreover, Calibra promises smooth, secure, near-instant worldwide P2P, along with limited access for small merchants. 

It appears that the claims are not mere hype. Calibra may actually be and do all of these things. The secret sauce behind its speed, international capabilities, and security is its proprietary cryptocurrency Libra, which, according to the Calibra website …

… is a global cryptocurrency built on the foundation of a blockchain (the Libra Blockchain). Libra is fully backed by the Libra Reserve, a collection of currencies and other assets used as collateral for every Libra that is created, building trust in its intrinsic value. 

Money deposited in or transmitted through Calibra is converted to Libra. When withdrawn or delivered, it’s converted back. As of this writing, Calibra plans to charge “low-cost and transparent” transaction fees, “… especially if you’re sending money internationally. Calibra will cut fees to help people keep more of their money.”

According to Finextra, Facebook will “… manage the payments internally rather than relying on payment processing partners as it has done in the past.” It adds that Facebook’s global currency backers include …

… Visa, Mastercard, Paypal, PayU and Stripe; e-commerce companies eBay, Booking Holdings, Farfetch, Lyft, Mercado Pago, Spotify and Uber; telecoms companies Iliad and Vodafone; blockchain services Anchorage, Bison Trails, Coinbase and Xapo Holdings and a number of venture capital firms and NGOs. Notable absentees from the roster of backers include Google, Amazon and Apple and incumbent banks which are reportedly concerned about logistics and regulation.

Though Calibra is a Facebook subsidiary, it will operate independently. That’s smart operations and smart marketing, given recent scrutiny of Facebook regarding data collection and distribution, security, voting manipulation, and other issues. It’s also smart from a regulatory standpoint. As reports:

Facebook’s Tuesday (June 18) news of the launch of its Libra cryptocurrency was heard around the world, and the Group of Seven (G7) nations definitely noticed, with the coalition calling for an investigation into the supposed risks of cryptocurrencies and how they would affect the current financial system, according to a report by The Financial Times. The G7 wants to create a working group that will investigate how to make sure that there are proper controls against the threat of money laundering with cryptocurrencies as well. Also participating in the working group will be the International Monetary Fund.

Not everyone is ready to sing Calibra’s or Libra’s praises. “It’s shady as hell,” writes deputy editor of The Verge Elizabeth Lopatto in her well-written, well-researched, enjoyably sarcastic-as-hell if not overly negative analysis. She spends some time debating whether it’s technically correct to call Libra a cryptocurrency, finally concluding, “… there is no stable definition of ‘cryptocurrency,’ so I am going to just call Libra a cryptocurrency for the sake of ease and keep it moving. If you’d like to put an asterisk on that, I can’t blame you.” Beyond that, her main concerns seem to be that Calibra will likely return a profit to Facebook (um, that’s kind of the American way), that she’s not so sure she trusts the technology, and that she doesn’t much care for Facebook founder and CEO Mark Zuckerberg. 

University of Chicago Law School professor Eric Posner isn’t terribly encouraging, either. Writing for The Atlantic, he warns, “Libra will almost exactly replicate all the problems generated by Facebook’s social network. Those problems can in turn be traced to the central paradox of Big Tech: The technological innovation that is supposed to liberate us from government ends up subjugating us to a handful of corporations.”

Yet surely Lopatto’s and Posner’s concerns have occurred to and will be looked into by the G7, not to mention by Maxine Waters, who chairs the U.S. House Committee on Financial Services and recently announced new task forces on financial technology and artificial intelligence.

Calibra will certainly have an ace up its sleeve come launch time in the form of 2.4 billion Facebook users, a number that’s likely grow between now and then. Most Facebook users appear unfazed by concerns raised by the media and the United States Congress, as shown by their continued, blithe uploading of food pictures, sharing articles after skimming the headline, and telling advertisers more about themselves than they realize. When (if) Facebook becomes a bank, there’s little reason to expect that to change.

Posted in Uncategorized by Matt. No Comments

The unbanked,
the pre-banked,
and the underserved


Are we overlooking anyone?

It’s no wonder that to many consumers a bank is a bank is a bank. A regulated banking environment all but disallows substantial differentiation. Setting apart a financial institution in consumer minds is no easy thing. 

For a while, rewards programs presented as a would-be panacea, but these days such seem largely to have morphed into lookalike programs. Moreover, frequency and loyalty are not synonyms. If a compelling rewards program can hold a client, a more compelling one can pull a client away. That’s not loyalty.

Real loyalty is an emotional attachment. One way to foster that kind of attachment is through the personal banker-client relationship. But on that, digital banking is taking an increasing toll. Loyalty also results from longevity, for we humans are creatures of habit. We tend to stick with what’s comfortable and familiar. But, how to create longevity? Rather implicit in the word is that it tends to need a certain length of time to unfold. It relies on landing clients at the outset of their lifetime as a financial services client.

There may exist a new longevity opportunity with the unbanked—a number that Business Insider puts at two billion—and with the underserved.

In many cases, “unbanked” is something of a vicious circle. A good number of the unbanked have little or no money or assets, so it’s not surprising that banks wouldn’t actively pursue them; yet one of the reasons they haven’t much in the way of assets is that they’re unbanked. Business Insider continues:

Financial inclusion has been seen as key for reducing poverty: bank accounts have an important part to play in the founding and expanding of businesses, making transactions more efficient, secure and transparent and managing savings.

Helping the unbanked prosper is a noble goal in its own right. But it may also present a longevity opportunity, that is, a loyalty opportunity with a population historically overlooked by financial institutions. For that matter, “unbanked” doesn’t necessary mean “no money.” A good number of unbanked have plenty of money but simply transact in cash.

Among others, JPMorgan is rising to the call. According to Reuters

JPMorgan Chase & Co on [March 18, 2019] began offering checkless accounts with access to its mobile app, branches and ATMs for $4.95 a month and no minimum balance. The accounts come with debit cards, digital payments and free check cashing, but do not allow overdrafts … Thasunda Duckett, chief executive of Chase Consumer Banking, said she hoped the new accounts will attract more low-income individuals and people who have never had bank accounts.

Another unbanked, or, technically, “pre-banked” population is teenagers. The not unreasonable assumption that teens eventually become adults suggests that an opportunity resides within that population for initiating a relationship and building longevity. Consider the forthcoming app, Step. As reported by Finextra:

The brainchild of Gyft co-founder CJ MacDonald and Square veteran Alexey Kalinichenko, Step is building a mobile-based bank account—held with Evolve Bank—specifically designed for teens that is interest bearing and has no hidden or overdraft fees.

Step has already racked up a waitlist of over one-half million eager teens. Linked to Mastercard, the app “… lets users send and receive money instantly, shop online or in-store as well as use Apple Pay and Google Pay.” Parents are looped in and have oversight.

Step’s timing is interesting, given that JPMorgan just bailed on Finn, similarly targeted to teens. Yet the financial giant hasn’t jettisoned the teen market. Rather, according to Market Insider, the plan is to “focus on attracting millennials through Chase, its primary consumer brand. The existing Finn customers will be transferred to Chase accounts.” Sankar Krishnan of consulting firm Capgemini, as quoted by Forbes, agreed that “… the Chase mobile app has excellent features and functionality and has enjoyed considerable success” and, therefore, “it does not make sense to operate two parallel apps and that could be one reason for ending Finn.”

Meanwhile, Amazon and Synchrony Financial have joined forces on a new, secured Amazon Credit Builder card for people with lower credit scores. Cardholders deposit $100 to $1,000 dollars, which is refundable, and which determines the card limit. Finextra reports, “The card could bring millions of people into Amazon’s orbit. According to a Fico survey, 11 percent of Americans has a credit score below 550.” The unbanked are not an exclusive or possibly not even an intended target, but surely a good many unbanked exist among those millions and may in the end prove grateful and loyal.

Another population that isn’t necessarily unbanked but could use assistance is people with limited use of fingers and hands. To them, touchpad apps are a challenge whereas voice payment technology can be a godsend. I’m not suggesting that Amazon and others at the forefront of voice payment technology have the disabled in mind, however, there are some 30 million in the United States alone who “… have a disability in their hands and/or forearms, including paralyzations, orthopedic impairments, either congenital or injury related.” Again, this is an underserved population that may prove loyal to the first financial services provider that makes life easier for them.

Some services target the traditionally unbanked and underserved, while others not specifically targeting them may reach them incidentally. In an ideal world, the culmination will be an overall rise in prosperity.

Posted in Uncategorized by Matt. No Comments

Reasonable imitation of empathy

Facing BriansI worked for a man who stopped by a drive-up coffee hut each morning on his way to the office. Upon seeing his car pull into the lot, the barista set about preparing his coffee so it was ready when he reached the window. The barista greeted him by name. Every eleventh cup was free, but knowing my boss didn’t like punch cards, the barista kept track for him.

More than once my boss wondered aloud how to get our organization to consistently deliver a like level of personal service across the board. The answer was, we couldn’t. The coffee hut was a one-off business, the barista was the owner, and she cared about customers the way only owners do.

It is the bane of every growing business—how do we get hundreds of employees in hundreds of locations to care the way the boss cares? The traditional approach has always been to invest in training programs and hope they work. (“Why not just hire polite people?” a training video scriptwriter of my acquaintance asked. The HR director replied, “When you need to keep over a thousand teller positions filled, you take warm and breathing and hope you can teach them manners.”) 

But zeros and ones may be poised to deliver a reasonable imitation of genuine customer care. I refer to MasterCard’s recently announced Innovation Engine. It …

… serves as a hub for the enablement of varying digital solutions, the first of which provides highly personalized and contextually relevant cardholder experiences.

In plainer English, Mastercard’s new software can quite literally know when your car is on approach, remember how you take your coffee, and keep track of your rewards points for you. Indeed, a photo in Mastercard’s press release shows a customer, fresh coffee in hand, viewing a text that reads, “Looks like this is your favorite spot. Want to make your coffee free every morning using your points?” 

Mastercard created the Innovation Engine in collaboration with Flybits and Kasisto. At its heart of is “… contextually-relevant and personalized digital engagement and servicing.” According to Mastercard,

The data contextualization capabilities of Flybits, and the conversational capabilities of Kasisto enable personalized offerings and experiences to be delivered to the right customer at the right time, providing value to today’s digitally-savvy consumer while also helping issuers and merchants reduce costs.

A Flybits press release quotes Kasisto CEO Zor Gorelov:

Kasisto’s differentiated digital conversation platform helps banks and merchants personalize how consumers explore and understand the rewards and benefits tied to their card.

The Innovation Engine promises to let consumers use any payment card on any device, make near-instant P2P and other disbursements, access trend and sales data faster than government and other services, measure digital media campaign effectiveness, and rate transactions as to likelihood of fraud.

The concept of machine-enhanced labor has been around since 1875 England, when mechanized looms took over work until then performed by artisan weavers. This led directly to the rise of the Luddites—rhymes with “Bud Lights”—a secret society whose mission was to destroy machinery. Today, Luddite is used to refer to anyone opposed to technological advance of any sort.

But great customer service has always depended on the ability to put Oneself in The Other’s shoes. In short, empathy. It takes empathy to understand a customer’s point of view, infer needs, sense moods, and discern the intent behind a question in order to respond appropriately. Empathy is a hallmark of social creatures like humans, canines, cetaceans—even vampire bats!—but to date it eludes even the most powerful AIs. 

But given sufficient data, it’s possible to correlate most-common behaviors with most-common needs and preferences, and to correlate most-common needs and preferences with most-common desired responses. 

Like, for instance, having your coffee ready for you when you show up at the window and keeping track of your points. 

Which, from the customer’s view, can look a lot like empathy.

Who knows? Technology may yet meet my former boss’s challenge. It might not be a stretch to suggest that Mastercard’s Innovation Engine aspires to simulate caring as if it owns the place.

But I cannot resist taking it a step further. The day is probably not far off when consumers will dispatch AIs of their own to do business on their behalf. I wonder if consumer AIs will be able to tell they’re dealing with merchant AIs. 

It could be a whole new level of Turing Test.

Posted in Uncategorized by Matt. No Comments