The Winning Mobile Wallet Solution

CompanionPaperand RetailerInteroperability Achieving Successthrough FinancialInstitution WALLET SOLUTION THE WINNINGMOBILE ACH Loyalty Customers NFC Account App Data Experience Credit Debit Cards Flexibility Payments Engagement POS Sales

About “The Winning Mobile Wallet Solution” This white paper is the result of the collaborative and transparent efforts of the members of the Payments Innovation Alliance Mobile Wallet Team. The paper is divided into two parts: the white paper itself and this highly technical companion piece that provides the detailed explanations behind the conclusions in the main white paper. The paper covers the function and value of financial institution and retailer-branded domestic mobile wallets, explores the issues surrounding tender reciprocity between financial institutions and retailers, and discusses how ACH can be leveraged to empower mobile wallets.

About the Payments Innovation Alliance Mobile Wallet Team The Mobile Wallet Team is an initiative of the Payments Innovation Alliance, designed to enable stakeholder companies and the broader mobile payments community to leverage an “open” acceptance platform that includes support for retailer- and bank- branded mobile wallets for electronic payments. Mobile Wallet Team members seek to provide historical perspective and thought leadership about the potential for mobile wallets and lead the industry and the marketplace through collaboration to address key topics and concerns related to advancing the security, value, adoption and interoperability of mobile wallets.

About the Payments Innovation Alliance The Payments Innovation Alliance, a membership program of NACHA — The Electronic Payments Association®, brings together diverse, global stakeholders to support payments innovation, collaboration, and results through discussion, debate, education, networking, and special projects that support the ACH Network and the payments industry worldwide. The Alliance brings together content and focus across all payment areas, including emerging payment technologies, electronic billing and presentment, mobile, payment security/risk, check conversion and global payments. Membership includes organizations of all sizes and spans the payments industry spectrum.

This paper is intended for educational purposes only. It should not be relied upon for legal advice. Readers should consult attorneys for legal advice.

2 © 2016 NACHA – The Electronic Payments Association. All rights reserved. Acknowledgements This paper was developed with the collaboration of many stakeholders. The Payments Innovation Alliance would like to acknowledge its members who provided recommendations and expertise during its creation.

Access Softek, Inc. Fiserv Accuity HSBC Bank USA, NA ACI Worldwide IBM ADP, LLC Javelin Alliance Data Systems, Inc. National Credit Union Administration American Bankers Association Navy Federal Credit Union American Family Insurance OmnyPay BIM PayPal Board of Governors of the Federal Reserve System Pillsbury Winthrop Shaw Pittman LLP Boy Scouts of America Prairie Cloudware City National Bank RSA, The Security Division of EMC CGI Technologies and Solutions SHAZAM, Inc. Commerce Bank SunTrust CO-OP Financial Services Target CU Wallet TD Bank, N.A. Desjardins Group The Home Depot Dollar Bank, FSB TSYS Dovetail U.S. Department of Treasury, BFS EastPay, Inc. Upper Midwest ACH Association Elavon WACHA Federal Reserve Bank of Atlanta Webster Bank FIS Western Payments Alliance

Additionally, the Payments Innovation Alliance would like to extend a special thanks to the Crone Consulting team, Richard Crone and Heidi Liebenguth, for their significant efforts to develop this white paper.

Note: The views presented in this white paper do not necessarily reflect the individual views of each member of the Mobile Wallet Team, the entities or organizations that employ the members of the Mobile Wallet Team, the Payments Innovation Alliance Leadership Team, or the individual Alliance member organizations.

What is a Mobile Wallet? A mobile wallet is a secure application for initiating payments on a mobile device. It can take many different forms depending on the issuer of the mobile wallet, the account provisioning and access technology deployed, and the purchase venues or market segments being addressed. For example, there are many purchase scenarios, the largest of which include the physical point of sale (POS), traditional desktop electronic and mobile commerce through a browser, mobile in-app purchases, bill payment, and person-to-person (P2P) transfers. This paper will focus on how mobile wallets will enhance the in-store experience.

The mobile wallet is a consumer-facing application for managing payment types, typically with the ability to access many different payment types and funding accounts such as open-loop, financial institution-issued debit, general purpose reloadable (GPR) prepaid debit and credit accounts, as well as private label, merchant-issued credit, pre-paid or stored value, and direct debit accounts.

Mobile wallet functionality can be rendered as a standalone payments app such as PayPal, Apple Pay, Android Pay, and Samsung Pay. It can also be a plus-one feature integrated into bank-branded mobile banking applications such as Capital One or into retailer-branded mobile shopping apps such as Starbucks. Another rendition of a mobile wallet might be characterized as a pre-authenticated “buy button” or embedded payment option such as PayPal One Touch, Visa Checkout, MasterCard MasterPass, or Android and Apple Pay, residing inside other apps, e- and m-commerce websites, biller direct bill payment sites and the like. Another version merely subsumes the payment into the customer experience, with no interruption or separate payment authorization step such as the Uber ride-sharing app.

Because successful shopping results in a sale and accompanying payment, the mobile wallet is a compelling vehicle for enhancing the shopping experience before, during and after a purchase by providing a new online, real time, in-context connection with the user. The mobile wallet possesses the potential to be much more than payment, as it sets the stage for a whole new set of value-added services for the issuer of the app. In this regard, the mobile wallet is really a new customer service, communications and marketing platform for the issuer.

As we will explore later in the business case sections of this paper, Crone Consulting LLC estimates the annual gross revenue that could be generated from a mobile wallet can be as much as $300 per user per year. This could be as much as two times the annual gross revenue generated from a typical demand deposit account (DDA) for a financial institution or nearly equal to the gross revenue of the typical credit card account. It could be more than 10 times what the typical search engine-based or enrolled social platform generates in gross revenue per enrolled user per year.

The marketing platform potential is game-changing and disruptive to traditional forms of payments, offers, promotions and advertising, and for this reason merchants, financial institutions and new entrants are pursuing the issuance of their own mobile wallets. But as we will see in the next section, there are many interdependencies required to launch a mobile wallet and new payment types. 4 © 2016 NACHA – The Electronic Payments Association. All rights reserved. Issuers of Mobile Wallets and the Dependencies of a Multi-Party Market Payments is a multi-dependent market, which means to initiate a new payment product or service offering, one must also gain the support and integration of many entities beyond the deploying mobile wallet platform. Making a mobile wallet available to consumers is not enough; to drive adoption by consumers the wallet must be convenient and provide some sort of incentive or value add. In addition, there must be merchant acceptance of the mobile wallet and the access technology it is deploying such as Near Field Communications (NFC), bar codes, Bluetooth Low Energy (BLE), presence detection, or ultrasonic.

At its very simplest, the two dependent groups in payments are issuers and acquirers. On one side, payment accounts are issued to consumers or businesses. But these accounts are only useful if the locations where the consumers or businesses want to shop (the acquisition side) accept those payment types and processing methods. Issuers of payment accounts are generally characterized not just as financial institutions for debit, prepaid debit and credit accounts, but also retailers, as the issuers of private labeled, closed-loop prepaid debit, direct debit and private labeled credit accounts. In the case of mobile wallets, issuers can be financial institutions, retailers and third party intermediaries such as mobile phone handset manufacturers, wireless carriers, payment networks, technology companies, new entrants and a whole host of others yet to be named or revealed as of this writing.

In reality, the two party market between issuers and acquirers is quite complex with many multi-dependent infrastructure providers and supporting processors. Examples of the many possible dependent stakeholders in the mobile payment processing value chain include:

Acquiring Stakeholders Issuing Stakeholders Retailers Financial Institutions Enterprise Resource Planning (ERP) Core processors to financial institutions vendors to retailers such as Oracle, such as FIS, Fiserv, etc. SAP, etc. Private label issuer processors to retailers Open-loop payment brands and such as Alliance Data, Synchrony Financial, networks such as Visa, MasterCard, Capital One Private Label, etc. Discover, American Express, etc. POS terminal manufacturers such as Issuer processors such as First Data, Verifone, Ingenico, etc. TSYS, etc. Payment gateway providers such as AJB, TSPs such as Visa Digital Enablement ACI, S4, etc. and systems integrators Program (VDEP), MasterCard Digital Enablement Service (MDES), etc. Merchant Acquirer Processors (MAPs) Near Field Communications (NFC) and Secure Element (SE) semiconductor manufacturers and systems integrators Cash management services provided by Mobile smartphone handset banks to retailers manufacturers TSPs for digitized private label payment Wireless carriers credentials

© 2016 NACHA – The Electronic Payments Association. 5 All rights reserved. The primary challenge for initiating a mobile wallet is whether to integrate with the existing stakeholders and processing standards or harness the full and disruptive potential of mobile by creating new payment methods, clearing procedures and settlement networks. However, whether integrated with or replacing existing providers, processes and procedures, the fundamentals of deploying new payments types rests on the shoulders of retailer acceptance. In other words, although this is a multi-dependent market, all new payment types start first with merchant acceptance. Knowing this sets the stage for analyzing the business case and return on investment for mobile wallets and embedded payments. Mobile Wallet Business Case

The Business Case and Return on Investment (ROI) for Mobile Wallets & Embedded Payments The motivation, business case and ROI for mobile wallets and embedded payments extends far beyond the original cost reduction benefits pursued by the early entrants to Internet and mobile customer self-service platforms. The investment to embed mobile payment into an existing mobile app, be it mobile banking for a financial institution or the shopping app of a retailer, could be cost justified alone by protecting and extending the mobile touchpoints and active use goals for the app. But the real upside and business case for mobile payment comes from instant, relevant engagement that deepens a loyal relationship with customers in-context, and uses mobile touchpoints to deliver new, opt-in and tailored solutions that will improve their lives. This is the real win-win-win-win between financial institutions, retailers, new entrants and consumers.

It is from this premise that the business case and ROI of mobile payments is built across the following two points of view (POVs) and various dimensions. Each of the nine ROI drivers below can be equally applied to a financial institution or retailer issued mobile wallet.

Processing, Acquiring and Cost Efficiencies Mobile Wallet Issuing Upside Payment account aggregation Protecting and promoting mobile moments and brand across the Five Mobile Trigger Points™ Gross Merchandise Value (GMV) In-context data feeds with machine regardless of tender type used learning and artificial intelligence Tender steering, least cost routing and Data-driven customized, opt-in payment selection optimization advertising, promotion and offers Greater security, multifactor New payment types with alternative authentication and reduced fraud clearing and settlement options Customer Relationship Management (CRM) and loyalty platform

The ROI applies to merchants and financial institutions regardless of size. Smaller retailers and financial institutions can utilize providers of white labeled options. For example, a simple white labeled mobile wallet for a retailer could be used to manage gift cards or loyalty punch cards, and also provide a platform for distributing gift cards through bank-branded wallets.

Payment Account Aggregation Depending on the technology deployed and the issuer processors involved, one of the potential benefits of a fully featured mobile wallet is access to multiple tender types regardless of issuer. The business case for payment account aggregation centers on a key gating factor: enrollment. The entity that secures the enrollment of multiple disparate accounts, decoupled from the original entity that provisioned the account, be it financial institution or retailer private label, controls the user interface (UI) and subsequent benefits from monetizing the active use of a mobile wallet.

The issuer of the mobile wallet will be a party to all payments initiated from its platform and thus can benefit from the interpretation of the big data (e.g., location, merchant proximity, etc.) derived combined with the knowledge of those transactions, regardless of tender type.

Payment account aggregation maximizes the potential of a mobile wallet, not just for payments, but as a new servicing and marketing platform that connects with customers in-context. The issuer of the mobile wallet that supports multiple tenders, regardless of issuer, can maximize all the other business drivers outlined below, especially GMV, tender steering and least cost routing, CRM and loyalty, in-context data feeds with machine learning and artificial intelligence and data-driven customized, opt-in advertising, promotion and offers.

The metric used for quantifying the financial value of payment account aggregation will be the average total number of registered payment accounts per mobile wallet user. Of particular interest to financial institutions and retailers will be the number of open-loop versus closed-loop accounts enrolled and utilized, and the average sale per tender type among other traditional measurements by the account issuer.

GMV Regardless Of Tender Type Used The new primary metric to judge the success of mobile wallet platforms will build on payment account aggregation. Gross Merchandise Value (GMV) is used currently by online marketplaces such as eBay and Alibaba as the primary measure of active use and total transaction revenues. GMV is used as a primary measurement because in general, the marketplace is not the original service or product provider, and is merely facilitating sales on the behalf of others, regardless of product manufacturer, service provider or brand. A mobile wallet also serves as a marketplace for activating and redeeming offers and making payments from a variety of tender types across a number of payment account issuers. Whereas each payment account issuer is judged by the total spend on its account, the mobile wallet’s active use and success will be judged by the gross merchandising value, offer activity or total sales facilitated by its platform.

GMV itself is one of the overarching metrics for quantifying the financial value of a mobile wallet. Mobile wallet issuers will use it in establishing provisioning tolls on original account issuers and other activity-based measures that all have their genesis in GMV as will be shown in later sections.

© 2016 NACHA – The Electronic Payments Association. 7 All rights reserved. Tender steering, least cost routing and payment selection optimization If the mobile wallet supports multiple payment options, the issuer of the wallet also possesses the potential to influence and motivate the user to select and use their preferred tender. The one who enrolls the customer for their mobile wallet controls the opportunity to provide the scripting, incentives and other techniques for enticing the consumer to use their preferred tender. For example, a financial institution-branded mobile wallet might feature more prominently the credit account over the debit account for mobile payments in order to maximize the revenues from interchange and outstanding balance interest and fees. The opposite is true for a retailer-issued and merchant-branded mobile wallet, where they would be more likely to promote the use of lower cost tenders such as their own private label payment options or Personal Identification Number (PIN)-based or direct debit options. In this way, the retailer is using a form of least-cost routing, starting by influencing the user experience in favor of the lower cost tenders, in addition to lower cost clearing and settlement options that may be available to them behind the scenes at the processing or payment gateway level. The ultimate choke point for tender steering is to simply not support a particular account, payment brand or issuer within a mobile wallet platform. Examples of this would include the Starbucks Mobile Payment app, which only supports its own proprietary, private label prepaid debit account; Visa’s bank-branded mobile wallet, that only allows Visa-branded accounts; or the Merchant Customer Exchange (MCX) CurrentC mobile app, that in its initial pilot only supported an ACH- based debit option and retailer-issued private label accounts.

The financial value of tender steering can be directly measured by the individual usage volume and spend on the preferred tenders. Account spend and the existing metrics such as interchange, processor and network “take rates” that support the use of that tender, and the difference compared to other available payment options, drives the ROI of tender steering and least-cost routing.

Greater Security, Multifactor Authentication and Reduced Fraud The mobile wallet itself is a unique security token, which when combined with multifactor and out-of-band authentication, yields a greater level of security and ability to reduce fraud than cards with magnetic stripes, PINs and even chip cards. There are at least three factors of authentication that can be applied to the authorization and validation of mobile payments:

• Something you have: the unique hardware fingerprint of the device itself as identified by the mobile number, firmware level of each component, version, provisioning wireless carrier, device manufacturer and model, serial number, International Manufacturer Equipment Identifier (IMEI), Universal Device Identification (UDID), Integrated Circuit Card Identifier (ICCID), Subscriber Identity Module (SIM), geo-location of activity, etc.

• Something you know: user name, passmark and password and/or PIN. Out-of-band verification can also be supplemented at this level such as when provisioning a standalone third party mobile wallet such as Apple Pay or Samsung Pay where an account issuer requires additional input or dynamic input of a verification sequence outside the existing device where the mobile wallet is being provisioned.

It is the combination and utilization of these multiple factors of authentication in a dynamic and ongoing way that allow mobile payments to have a higher degree of security and less fraud than today’s plastic cards.

This increased security should translate to lower interchange costs for retailers, but currently lower costs only apply to mobile payments utilizing the card brands proprietary tokenization schemes. Retailers accepting mobile payments would be justified in requesting “card present” rates (or better) for all mobile payments, as they are shown to be more secure than a physical card swipe. These lower rates may ultimately apply to in-app or other mobile payments for e-commerce, which currently trigger “card not present” higher interchange rates.

Of course, even with tokenization of credentials and the multi-factor security of the mobile device, account issuers must take care to fully authenticate the account holder before the credentials are provisioned and paired with that mobile device. In the early days of Apple Pay, several banks saw increased fraud rates due to sloppy initial authentication procedures that allowed thieves who gained access to stolen credit card credentials to provision them on their own mobile phones. With better confirmation of the account holder’s identity and matching to the on-file mobile number, this increased fraud has been greatly reduced.

The ROI can be quantified by the actual transaction fraud perpetrated in light of these additional controls versus that of traditional card-based authentication and security measures. Dynamic multifactor authentication tying a tokenized payment credential to a specific device and person should provide greater security and reduced fraud.

CRM and Loyalty Platform With a mobile wallet you have two primary means to improve any CRM, whether for a financial institution or a retailer, and that is 1) an authenticated user, and 2) a dynamic, two-way communications platform with that known user.

Financial institutions, by their very nature have a CRM, as they must comply with Know Your Customer (KYC) laws, but that is not necessarily the case for retailers. The majority of retail transactions are conducted anonymously without any knowledge of the customer. For this reason, many retailers lack a CRM, and without a formal loyalty program or private label payment offering, lack the input and communications points necessary for a CRM.

That changes with a mobile wallet, as it establishes a basis for CRM and loyalty as a byproduct of the payment registration process. Even if a merchant does not issue its own retailer-branded mobile shopping app and wallet, it can still benefit from the CRM of other mobile wallet issuers, if those mobile wallet issuers are willing to share the data with the retailer. Whoever enrolls the wallet user is the one who has the known customer credentials for triggering CRM activation and interaction.

© 2016 NACHA – The Electronic Payments Association. 9 All rights reserved. As described above, multifactor authentication is applied to every transaction before it is ever initiated with the merchant. But depending on the mobile wallet technology deployed and the logical scheme utilized, the merchant may or may not have the opportunity to identify a pre-enrolled customer. The entity that provisioned the original funded account must apply KYC requirements to open a payment account. The combination of the two connected to a CRM and loyalty platform provides a degree of integrity not previously available to financial institutions and (especially) retailers.

The ROI of CRM and loyalty from a retailer’s perspective is driven by generating One More Item (OMI) and One More Visit (OMV). The most profitable retailers know the impact of OMI and OMV from their most loyal customers and highly value the opportunity to influence these two factors in a relevant, opt-in, preference-driven fashion with those customers. The mobile wallet provides such a platform. Financial institutions and standalone mobile wallet providers can extend Application Programming Interfaces (APIs) and integration with retailers’ POS, private label payment, loyalty and ERP systems to provide the CRM input points used to manage the programs for OMI and OMV.

The ROI benefit of mobile wallet-enhanced CRM and loyalty programs can be directly measured by the OMI and OMV metrics of a retailer’s average item dollar value, basket value, and payment account spend.

Protecting and Promoting Mobile Moments and Brand Across the Five Mobile Trigger Points™ By its nature, payment is the connecting tissue that binds the consumer to the ultimate goal of the shopping experience. Integrating payment with mobile apps that enhance the shopping experience and extend financial services in-context, wherever the customers find themselves, holds great potential for redefining when, how and why consumers engage with service providers, be they financial institutions, retailers or other information enhancement servicers. As we analyzed above, mobile payment provides the ultimate identifier for CRM, and for the issuer of mobile and embedded payments, it can serve as a new platform for delivering branded mobile moments. The mobile app with mobile payment is positioned to be the new front door to the retailing and shopping experience. Providers of mobile wallets and embedded payments are equipped to benefit greatly from not just payment, but being positioned in very close proximity to the big data feeds and user interface before, during and after payment. A mobile wallet issuer’s commitment to mobile payment will ultimately enable the enhancement of its services in-context, regardless of platform or proximity, creating true omni-channel, CRM-driven marketing and value-added services throughout the entire sales lifecycle. Crone Consulting LLC refers to this new mobile-enabled sales lifecycle as the Five Mobile Trigger Points™:

1. Discovery, locating and navigating 2. Presence detection, check-in and data-driven personalized offers 3. In-store enhanced customer self-service 4. Mobile payment and check-out 5. eReceipts, post-sale promotions and social sharing

1. Discovery, locating and navigating – Discovery is one of the game-changing aspects of mobile. It is more than just using the mobile device to find and navigate to the store or access financial services in-context through a mobile banking app. It involves the discovery and locating of products, services, and information, and the navigation leading up to eventual purchase or financial service. If customers download and use a retailer’s app, that retailer can present the promotional incentives directly to their customers versus paying for placement and competing with others on a search engine screen. Both are viable ways to help customers locate the retailer and its products, but a merchant’s own app provides a direct, opted-in dialog with the customer. Shopping lists, for example, magnify the discovery process. When controlled by the retailer, they provide a forward view to actual purchase intent before the customer ever enters the store. This advance knowledge can drive efficiencies in supply chain, merchandise distribution and staffing.

2. Presence detection, check-in & data-driven personalized offers – If customers use a retailer’s shopping app or mobile wallet to check in upon arriving at the store, the merchant can present the offer personally to them based on their opt-in preferences. If a third party intermediary performs this function, they may offer to broker back the check-in data to the retailer, for a fee, without necessarily passing along all the profile and preference data. In other words, if it is the retailer’s app, it is the retailer’s CRM. If it is not, the merchant is relegated to acquiring the customer information through shared and competitive services. The business model of the third party intermediaries controlling check-in is to maximize their own revenue through competitive advertising and offers to the retail POS via geographical, consumer- riggered check-in.

3. In-store enhanced self-service – When a customer needs help or more information inside the store, they may seek a service representative, or likely turn to their mobile phone. If the retailer app provides the assistance they need, the retailer’s brand is reinforced and positioned to create more value for the customer. If a third party intermediary app is used, for example, RedLaser, the retailer’s store now plays the role of a showroom for Amazon and other competitors. Consumer Packaged Goods (CPGs) and other product manufacturers want to reach the consumer at the point of decision. Will they pay the retailer a premium to reach a certain type of customer in a specific location, or will they pay a third party to reach them?

4. Mobile payment and check-out – What do retailers give up if their customers close the retailer’s app and open up a separate mobile wallet when they check-out? If the retailer can offer payment, they maintain the customer connection, make a direct connection to their loyalty program, can offer incentives for use of preferred tenders, and keep the upside from pre- and post-sale advertising and offers.

5. eReceipts, post-sale promotions and social sharing – These can be very lucrative. Examples such as Catalina Marketing or inStream Media command advertising rates many times higher than other mediums just because they have a known geography and time of day triggers. If a customer is using the retailer’s app, there is not only a known geography and timing trigger but a registered user and their purchase and

© 2016 NACHA – The Electronic Payments Association. 11 All rights reserved. loyalty preferences. Advertising rates for reaching that profiled customer have not been established, but one could expect it would be no less than what Catalina commands at the POS today.

Each of the Five Mobile Trigger Points™ above represents a new customer service and merchandising touchpoint for the mobile wallet issuer. What happens to a retailer’s merchandising advantage if all the value-added interactions listed above are done within a third party intermediary’s app and mobile wallet while customers are inside the retailer’s store? Where does that leave the retailer and their ability to compete? Without consciously deciding to do so, retailers could be, touchpoint by touchpoint, ‘dis-integrated’ (versus vertically integrated) and marginalized to the point of simply being a warehouse.

Therefore the ROI for issuing and managing a mobile wallet and embedded payment service can be measured by the brandable, CRM-driven service interactions that can be controlled and influenced by the mobile wallet issuer. The cost benefit analysis of conducting the interaction through one’s own mobile wallet or app can easily be compared to the cost to obtain that same level of mobile interactivity through a competing platform.

In-Context Data Feeds with Machine Learning and Artificial Intelligence The in-context service interactions within a mobile wallet, especially when integrated across the Five Mobile Trigger Points™ in a retailer or financial institution or standalone app, can provide a stream of data for continuous improvement and product development beyond the payment value chain and throughout the financial services and retailing lifecycle. The data sets from the mobile service interactions have the potential to be massive, rich and continuous, and as such, well positioned for interpretation by algorithms and artificial intelligence that grow smarter and more valuable with each data element contributed to the machine learning platform.

Machine learning has had its biggest impact on payments in dynamic fraud detection and prevention. This will undoubtedly improve exponentially when mobile wallets are integrated with the big data in-context feeds and two-way communications with account holders. Well-constructed and adaptable machine learning algorithms grow more valuable on their own with the continuous input of new big data feeds.

The ROI from in-context data feeds with machine learning and artificial intelligence will extend beyond the improvements in fraud detection and prevention. The greatest return will come from extending the machine learning algorithms for improving the customer experience with functionality that is integrated before, during and after payment across the Five Mobile Trigger Points™.

So the business case for in-context data feeds with machine learning will first be measured directly by the reduction in fraud. This can be specifically calculated as the difference of fraud rates for accounts accessed through cards and other traditional modalities versus those initiated by tokenized mobile wallets and embedded buy buttons. However, the greater ongoing ROI will come from new customized functionality that was developed dynamically by machine learning algorithms on a highly individualized basis for each enrolled mobile wallet user. One measurable

Data-Driven Customized, Opt-In Advertising, Promotion and Offers The mobile wallet is a unique platform for delivering advertisements, offers, loyalty and other targeted incentives. As pointed out above, when the mobile wallet user registers a payment instrument, the mobile wallet platform provider must fulfill KYC requirements, thus providing a known, validated and authenticated user, something that very few advertising media possess today. Because the mobile wallet issuer is connected online, real-time to each registered user, the interaction can now be CRM- driven by specified, historical or predictive preferencing, meaning the exposure to ads and offers is on an opt-in basis, tailored and specified by the users themselves, and enhanced through machine learning, thus eliminating spam and irrelevant/annoying promotional content.

Product recommendations from Amazon generate about one-third of its total sales. For NetFlix, approximately three-fourths of their sales are derived from machine learning algorithm-driven recommendations. Delivering relevant promotional content and offers through a mobile wallet holds the potential for increasing sales, not just for electronic commerce sales as with Amazon or digital goods such as NetFlix, but in every purchase venue, the largest of which is in-store.

These and many other factors provide the foundation for mobile wallets commanding the highest rates for advertising, promotion and offers, even higher than those in the marketplace today that are geographically triggered at the POS on a receipt by Catalina Marketing or Instream Media.

Because a mobile wallet is an interactive, location-aware platform, new value-added services can be injected into it, making it relevant at each trigger point before, during and after payment. Each of these mobile promotional moments and interactions can be measured across the Five Mobile Trigger Points™ for determining the revenue potential to the mobile wallet issuer, because each of the five trigger points represents a new customer service and merchandising touchpoint for those that pay for advertising. The majority of ads and offers revenue is generated from Consumer Packaged Goods (CPGs) and product manufacturers, which typically lack a known, CRM view to their customers, and thus opens up a whole new interaction point for promotions and loyalty.

The entity who enrolls the customer for the mobile wallet is the one to control the ads and offer revenue generated across these Five Mobile Trigger Points™; financial nstitution versus retailer versus third-party intermediary mobile wallet. Advertising and promotional rates are driven by viewership, context and results generated from using the profiled, opt-in, preference-driven data across the Five Mobile Trigger Points™, with ads and offers inventory being sold to advertisers three ways, with each increased level of engagement/results generating higher revenues.

• Cost per thousand impressions (CPM)

• Cost per click (CPC)

• Cost per acquisition/action (CPA)

© 2016 NACHA – The Electronic Payments Association. 13 All rights reserved. The mobile wallet can confirm product or page views/impressions and sell the advertising inventory on a traditional CPM basis. Because the mobile wallet is interactive, the activated offers and interactions can be sold on a CPC basis the same way that Google, Yahoo and other Internet advertisers do today. Additionally, offers viewed and activated in a mobile wallet can be used to prove a net new sale for a retailer or CPG and thus command CPA promotional premiums from the advertiser in the way that Google, Groupon and others do.

This mobile advertising and offer business represents a net new revenue stream generated outside the financial institution’s current revenue base from CPGs, product manufacturers and retailers. It is estimated that the revenue potential of these ads and offers is roughly double what a typical financial institution generates in gross revenue per year from a DDA or approximately equal to the gross revenue per credit card account.1 For retailers, the mobile wallet platform strengthens their relationships and bargaining power with their supplying product manufacturers, increasing both sales and access to additional promotional dollars.

So the ROI from advertising, promotions and offers can be determined by the projected compensation extended to the mobile wallet issuer. It is estimated that the gross revenue potential generated by each active mobile wallet user is more than $300 per year through compensation from advertisers and brands based on CPAs, CPCs and/ or CPMs.2

New Payment Types with Alternative Clearing and Settlement Options The mobile wallet is its own unique token with multifactor authentication unsurpassed by any other payment type in terms of security and functionality. The platform, especially in the case of cloud-based approaches, holds the potential for establishing whole new payment types as well as alternative clearing and settlement networks.

The announcement by JPMorgan Chase of Chase Pay is an example of an alternative clearing and settlement network. According to the Chase Pay press release, on the issuing side, Chase manages a portfolio of more than 94 million credit, debit and pre-paid card accounts and is the top issuer in terms of credit and debit payment volume, with $707 billion in total sales in 2014. On the acquiring side, Chase Paymentech/Merchant Services represents one of the largest Merchant Acquirer Processors (MAPs) in the world. With issuing, acceptance and acquiring assets on both sides of this two-party market, combined with ChaseNet’s on-us processing terms and conditions secured by Chase in its 2013 deal with Visa, Chase Pay is able to essentially set up a closed-loop network for processing its own on-us mobile payment transactions. They have a complete payments system, and can work directly with merchants to drive down the cost of accepting payments through fixed pricing and no additional fees ($0 Network Fees, $0 Merchant Processing Fees and $0 Merchant Fraud Liability). Certainly the value proposition for Chase Paymentech has been uniquely strengthened compared to other MAPs by offering up its online and active base of account holders - an account

1 Crone Consulting LLC Best Practices Benchmark Database™ 2 UBS Report titled “Mobile Payments: Apple Has First-Mover Advantage, but Will Apple Pay Go Cloud- Based?” November 13, 2015.

14 © 2016 NACHA – The Electronic Payments Association. All rights reserved. base that completes 34 million transactions a day and logs in to their digital and mobile Chase accounts more than 16 million times each day, on average, according to Chase.

Starbucks has created an essentially new payment type in its transformation of the traditional gift card into a mobile spending account. In doing so, Starbucks has not only redefined its payments cost structure but supercharged customer loyalty, with more than 20 percent of its total sales initiated through the private label prepaid debit (PLPD) spending account inside the Starbucks app. Starbucks, acting as its own PLPD program manager, is able to further minimize costs and outside dependencies by acting as its own clearing and settlement network for all PLPD on-us remittances. And because PLPD balances can only be spent at Starbucks, they have essentially implemented an additional loyalty component as a byproduct of the mobile payment offering. The prepaid balances held by Starbucks contribute to funding their working capital needs without additional outside bank borrowing.

Other examples would include the Target Debit RedCard and other direct debit initiatives by merchants, including the CurrentC mobile wallet by the Merchant Customer Exchange (MCX) with Buy It Mobility Networks Inc. (BIM) now in pilot in Columbus, OH. Real-time payment initiatives currently underway could potentially be used in mobile wallets at the POS as well.

As the examples above portray, the ROI from launching new payment types with alternative clearing and settlement options can be measured directly in lower processing costs, greater loyalty and the value that comes from securing the data feeds for machine learning and offers engines within the mobile payment platform. Merchant Acceptance The business case for mobile payments is attractive to all pursuing the space, not just financial institutions and retailers. But for all the stakeholders in this multi-dependent ecosystem, the most important starting point for launching a ubiquitous mobile payment platform is merchant acceptance. Without merchant acceptance, consumers cannot use the wallet.

The most successful mobile payment schemes to date are those launched and controlled entirely by merchants themselves, such as Starbucks, Dunkin Donuts, and Subway, or embedded payments options such as Uber, Lyft, Amazon, or PayPal. To move beyond just private label merchant proprietary schemes to open ubiquitous mobile payment platforms at the physical POS requires a financial institution or third party playing into the self-interest of and benefits to retailers. Acceptance of a new mobile payment option by retailers hinges on the following major considerations:

• Access to customer data to improve OMI and OMV to increase sales;

• Reducing payment processing costs;

• Enabling tender reciprocity (allowing open-loop bank-originated debit and credit accounts inside retailer shopping apps and wallets and vice versa – supporting retailer-sponsored private label accounts inside financial institution-branded mobile banking apps and wallets);

© 2016 NACHA – The Electronic Payments Association. 15 All rights reserved. • Establishing deep links for opening retailer-branded shopping apps in-context. (Deep linking among mobile apps is similar to accessing content across the web dynamically through hypertext markup language (HTML). For example, a deep link would open a specific feature or function in a retailer’s mobile app, such as an offer, directly from a mobile banking app in the same way an HTML link would open a specific page.); and

• Required effort and changes to the POS and acceptance technology.

The persuasive argument for merchants to support a new payment type must demonstrate how it will decrease processing costs, increase sales, and strengthen loyalty and customer engagement. If these things add up, then the one remaining major factor is the effort, upgrades and changes required to support a particular mobile payment type at the point of sale. Larger retailers have a limited window in which to test and certify changes to the physical POS as most lock down their systems in advance of and through the holiday shopping season. The effort is further complicated by the fact that changes impact not only the physical terminals at the POS, but also the controllers, services, gateways and other backend operations and systems linked to or supporting the payment processes. Mobile Payment Deployment Models As it pertains to physical POS-based mobile payments, there are two basic models for facilitating the payment credentials:

• Closed hardware-based models where the credential or token stored is in the physical hardware that is controlled by the device manufacturer, wireless carrier, TSP, payment brand or some other proprietary entity; and

• Cloud-based deployment, which stores credentials in the cloud with open access to the various functional elements on the phone for making the connection at the physical POS.

Closed Hardware-Based Deployment Models and Tokenization In the hardware-based deployment model, account credentials, such as the Primary Account Number (PAN), cardholder name, expiration date, and security code, are tokenized and stored in the physical hardware of the mobile device. (What information is tokenized can vary depending on the standard used. For example, in the EMVCo standard, only the PAN is tokenized.) Typically the information is stored in a SE or within the SIM card of a mobile phone. Tokenized account credentials can also be specifically designated within a proprietary secure area within a device manufacturer’s mobile device. The phone’s internal memory card or a wrap-around phone case have also been used to store credentials, but these methods have been transitory.

In the hardware-based model, the tokenized account credentials stored physically in one of these areas are typically accessible through an NFC antenna embedded in the device. This deployment model is considered closed because access to the SE, secure area and NFC antenna are controlled and limited by the device manufacturer, wireless carrier/mobile network operator and/or the TSP designated with provisioning tokenized account credentials in the device. These restrictions contribute to greater security than

16 © 2016 NACHA – The Electronic Payments Association. All rights reserved. previously available in traditional card-based approaches. Further, many feel that the radically decentralized provisioning of tokens on individual SEs on mobile phones is safer than centralized control and access via cloud-based tokenization schemes.

This closed model has been favored by the device manufacturers, mobile network operators (MNOs) and existing payment brands to launch the first set of device manufacturer controlled and branded mobile wallets such as Apple Pay with NFC and Samsung Pay for both NFC and Magnetic Secure Transmission (MST), with the existing payment brands such as Visa, MasterCard, American Express and Discover.

The entity controlling the device and its hardware elements (e.g., SE, NFC antenna, etc.) controls the branded mobile payment option. The model forces payment account issuers (financial institutions or retailers) to establish a relationship and agree upon business terms dictated by the entity controlling the SE and tokenization scheme. In the case of Apple Pay, Apple extracts monopoly rents from financial institutions in the form of interchange concessions for provisioning a financial institution’s payment accounts within Apple Pay. Additionally, the financial institution’s payment issuing brand such as Visa and MasterCard also extracts a toll for tokenization services required to work with Apple Pay, among other material economic and procedural support requirements required to participate in Apple Pay.

As a physical SE can only store a finite amount of data, dependence on this hardware could possibly restrict the number of accounts that can be stored there. Thus, there are limitations to the number of issuers that can participate, and the prioritization of the types of accounts that can be activated.

Certainly the early winners that stand to gain materially from the walled garden erected by this closed hardware approach are the device manufacturers, wireless carriers, their designated TSPs and their sponsoring payment brands.

The device manufacturer, wireless carriers and/or payment brands’ TSPs will certainly charge tolls to provide access for provisioning of account credentials and Application Programming Interfaces (APIs), or refuse access for those credentials through the NFC antenna. As such, this approach essentially locks out financial institutions, retailers and other third parties from launching their own branded mobile wallet and embedded payment solutions using this approach.

The closed hardware-dependent approach also increases processing costs across the following dimensions:

• Interchange or other fees paid by the issuer directly to device manufacturer or entity controlling the closed hardware elements on the device such as the SE, SIM, NFC antenna, etc.;

• Tokenization fees paid to the sponsoring payment brand such as Visa and MasterCard;

• Processor fees for accounting and paying the fees to the device manufacturer;

• Cost of providing tier one customer and/or member service since Apple, Visa and the processors are insulated contractually from this responsibility, especially for attended CSR support to thwart higher provisioning fraud rates;

© 2016 NACHA – The Electronic Payments Association. 17 All rights reserved. • Foregone value of the upside revenue potential from advertising and offers, estimated to be worth about $300 per active mobile wallet user per year;

• Hardware upgrades by retailers at the physical POS to support NFC;

• Loss of Track Two customer identification data used by retailers’ CRMs and loyalty systems as a result of tokenization; and

• Cost of losing the User Interface, tender steering and marketing platform because of dependence on a third party controlling availability; preventing the key role of the mobile wallet as a servicing and marketing platform, not just a wallet.

Keep in mind that the benefit to device manufacturers from this approach, and risk to financial institutions and others, is added cost of entry, if not potential marginalization, commoditization and disintermediation for financial institutions and retailers. Device manufacturers controlling SEs, antennas and NFC could choose to provide secure APIs to financial institutions in the same way they do today for access to the camera, microphone, geo-location, TouchID, or Bluetooth. Yet their enviable control position makes it hard to imagine they would give up that position without first attempting to achieve critical mass for the approach that yields the highest return for their controlled enrolled user base.

Most of the forward momentum for the NFC-installed hardware base has been driven by existing payment brands, POS and mobile device manufacturers. But initial deployments have been limited to using the old ISO 14443 one-way NFC standard, which does not accommodate the value-added functions considered vital to igniting mass adoption of mobile payments, namely access to loyalty, offers activation, automatic redemption and net settlement at the POS as a byproduct of initiating a mobile payment.

Open Cloud-Based Deployment Models and Tokenization Cloud-based mobile payment options minimize the device-specific dependencies of other models and instead rely on open, readily available access connections through the mobile device and the physical POS. Payment credentials are stored in the cloud not on the phone’s SE, SIM or mobile wallet application. Connections to the physical POS are made via open protocols and APIs using the camera function with bar codes, BLE, ultrasonic, presence detection or Host Card Emulation (HCE) in the case of NFC. (Note that HCE still requires access to the NFC antenna, which in certain proprietary device schemes such as Apple iOS is not made available as an open API. For Android, NFC-enabled Android 4.4 and Blackberry 10 smartphones provide open access to the antenna and can perform HCE.)

The payment brands currently require issuers to provision and abide by their specified requirements for tokenization for NFC transactions via HCE to qualify for card-present rates. But HCE technology also makes it easier to deploy other lower cost token provisioning schemes, including performing the function in-house by the account issuer themselves. Regardless, cloud-based schemes are far easier to integrate with multiple disparate TSPs for different payment accounts, be they issued by financial institutions and/or retailers.

18 © 2016 NACHA – The Electronic Payments Association. All rights reserved. Some cloud-based models, such as Paydiant, actually tokenize not just payment credentials but the entire session, storing payment credentials in the cloud and matching them to retailer transactions in the cloud, rendering tokens with no sensitive data back to the merchant POS and the customer’s mobile app. This flow renders the entire process out of scope for Payment Card Industry Data Security Standard (PCI DSS), reducing vulnerability to hacking at the merchant or the consumer’s phone, and the dependency on outside TSPs.

The flexibility of Android-based NFC and the other access methods (e.g., camera/bar codes, BLE, ultrasonic, and presence detection) allows the mobile account issuer, be it financial institution or retailer or third party, to potentially deploy without any business arrangements or economic concessions to device manufacturers, wireless carriers, payment brands and TSPs (depending on the access technology used and the tokenization scheme deployed). Additionally, cloud-based options such as bar code presentment and bar code reading by the mobile wallet can be deployed with a minimum of effort by retailers, typically only requiring a software upgrade rather than a hardware and software upgrade necessary for NFC and EMV. Bar codes and other non-NFC access methods also can be deployed more universally across multiple mobile operating systems and multiple purchase venues such as fine dining, quick service restaurants (QSRs) drive thru lines, picture bill payment, pay-at-the-TV, cardless cash access (CCA) and the like.

Cloud-based schemes also enable the mobile wallet issuer to know the identity and preferences of all transaction stakeholders and the attributes of the transaction before a payment instrument is selected. Cloud-based payment by its nature presumes pre-authenticating and identifying the customer before completing a payment. Because of this, cloud-based payments are more easily paired with loyalty, offer activation with automatic redemption at the POS, electronic receipts and other new value-added services.

For these reasons, the open cloud-based approaches are considered the most promising for launching ubiquitous access for all phones, all tender types, in all purchase venues for financial institution- and retailer-branded mobile wallets. Mobile Purchase Venues and Access Technology The purchase venues and access technologies within those venues must also be considered in the evaluation of mobile wallet and payment options. The list below is an example of the different purchase venues to be considered for a mobile wallet provider.

Multi-lane retailer Single lane merchant Fine or casual dining (pay at table or bar) QSR drive thru Petroleum self-service pump Vending machines Printed advertisement prompted purchase Television prompted purchase Online electronic commerce P2P Pay upon delivery CCA at ATMs Picture bill payment In-app purchase Embedded payment (e.g., Uber, biller direct) Micro-merchant

© 2016 NACHA – The Electronic Payments Association. 19 All rights reserved. Once again the cloud-based options utilizing the open access technologies (e.g., bar codes, BLE, HCE, ultrasonic, and presence detection) provide the greatest potential for consistently deploying ubiquitously across the greatest number of purchase venues. Mobile Banking App: Platform for Mobile Wallets and Tender Reciprocity For many financial institutions, mobile banking usage is growing exponentially faster than Internet banking did, and will grow to dominate the majority of service interactions conducted between financial institutions and their customers. For this reason, the mobile banking platform plays a prominent role in expanding the services that a financial institution will deliver to its customers now and in the future. Payment transactions are the most frequent and voluminous touchpoints between customers, members and their financial institutions.3 It is for this reason financial institutions consider mobile payment an important new product opportunity as it can be the springboard to other new value-added mobile functionality and services. The mobile banking app, in and of itself, is viewed as a new provisioning, issuing and servicing platform, not only for payments and funded accounts, but many other services yet to be developed or widely available.

The key concept to keep in mind is the mobile banking app is provisioned, authenticated and managed by the issuing financial institution. In addition to branding, the financial institution is the System of Record (SoR) for the KYC requirements, account registration, authentication and CRM. Thus, the security and authentication risk factors for provisioning a mobile wallet are greatly minimized when conducted by the financial institution where the consumer originally opened the account in the first place.

The financial institution-branded mobile wallet should be thought of as a new access token (replacing the magnetic stripe and chip-based card). As a new account access token, the mobile wallet can provide POS payment and CCA at ATMs to funded accounts that are not currently card-enabled through network-branded payment schemes. This could include, for example, accessing and creating new payment functionality for business, home equity and personal revolving lines of credit; money market accounts; brokerage and mutual funds, cash-balance insurance and other prepaid accounts. Any funded account that supports the mobile wallet API could be used.

Chase Pay: A Case Study Chase Pay is an excellent example of how a bank-branded mobile wallet can be used to open the door for new clearing and settlement arrangements and tender reciprocity. Chase Pay will provide its own mobile wallet API leveraging its own Chase Paymentech merchant processing division relationships, enabling retailer acceptance of its API through MCX for processing on-us debit and credit transactions. It combines this large merchant acquiring business with its dominant card-issuing business (50 percent of all U.S. households have a Chase-issued credit or debit card, according to Chase), to create a new closed loop system of on-us mobile payments. But this is only the

3 Crone Consulting LLC Best Practices Benchmark Database™ and Service Interaction Analysis™

20 © 2016 NACHA – The Electronic Payments Association. All rights reserved. beginning for the Chase Pay API, because it could be used to access other funded and lending accounts at Chase…and any other entity willing to support the Chase Pay mobile payment protocols.

Just as Bank of America’s early BankAmericard franchise became the framework for multiple financial institutions’ participation, ultimately rebranded as Visa, so too could Chase Pay be for others that want to reach the POS for mobile payments. The most obvious and immediate would be those servicing entities providing private label credit card (PLCC) and PLPD and ACH debit support for retailers. Chase could use its common acceptance platform to make sharing the acceptance of bank-based and retailer-based tenders in each other’s respective mobile wallets possible, setting the stage for tender reciprocity between retailers and financial institutions.

Certainly the release and promotion of bank-built mobile wallets from Chase Pay, Capital One and Royal Bank of Canada signify the potential for other financial institutions of issuing their own bank-branded mobile wallets. These offerings play into the repeated independent surveys indicating that consumers overwhelmingly prefer their primary financial institution for a mobile wallet.

For retailers, acceptance of bank-branded mobile wallets represents a new opportunity to negotiate mutually agreeable business terms and redefine the compensation structure and working relationship for providing not only mobile payment but other valued-added services to retailers through the mobile connection. The starting point for merchant and financial institution collaboration on these points begins with gaining agreement around an open common acceptance platform for the financial institution branded wallet, and the support for the funding accounts registered between financial institutions and retailers, described above as tender reciprocity.

The business terms publically disclosed in the press release for Chase Pay exemplify the new opportunity for retailers and financial institutions to redefine their working relationship. Key to the Chase Pay offering is the open common acceptance platform that is promoted by Chase Pay, namely the use of bar codes in a cloud-based model. Chase Pay can be deployed using existing POS equipment with merely a software upgrade, and facilitates the value-added services for loyalty, offer activation and automatic redemption, support for merchant tenders, electronic receipts and the like through its cloud-based platform. In this way, Chase can offer up the value of its 94 million card holder base as a “distribution play” for acceptance by merchants to ncrease sales. And through its merchant acquiring processing division, Chase Paymentech, render the payment processing support for enabling the retailers. In its release, Chase also announced support by the largest consortium of merchants pursuing mobile payment options, MCX.

In the case of Capital One and Royal Bank of Canada (RBC), their offerings are also cloud-based, but limited to Android phones supporting HCE. This approach allows Capital One and RBC to launch riding the coattails of existing NFC deployments. However, the downside is that they do not have the ability to offer the same functionality on Apple phones equipped with NFC, since Apple does not provide open access to the antenna.

© 2016 NACHA – The Electronic Payments Association. 21 All rights reserved. ACH Applications One of the beneficiaries of the stronger authentication available today with a mobile device and the added functionality of a mobile wallet is the ACH Network. As the payments landscape has shifted over the past 40 years, the flexibility and adaptability of the ACH Network have provided a platform to support innovation and growth in electronic payments, and NACHA has adopted Rules that have enabled new uses of the ACH Network, including P2P payments and Internet/mobile transactions.

Since 2000, the number of ACH transactions has more than tripled, and currently the Network moves more than $41 trillion and over 24 billion electronic financial transactions each year and supports more than 90 percent of the total value of all retail electronic payments in the U.S. On the debit side, ACH is one of the preferred and dominant payment types for recurring billers through automatic debit programs and biller-direct initiated bill payments. On the credit side, ACH has grown to dominate payroll with more than 80 percent of all paychecks deposited directly into checking accounts by payroll processors on behalf of employers.

Fundamentally, ACH is a batch-based, negative acknowledgement system. This is especially true for debit pull payments initiated by billers and retailers through their financial institution or Originating Depository Financial Institution (ODFI). In the case of debits for bill payments, POS payments, or in-app, embedded mobile or traditional electronic commerce, a consumer authorizes the biller/merchant (Originator) to initiate a debit that pulls funds from his or her checking or savings account. This could be set up on a preauthorized, recurring basis, or as a one-time payment. The ODFI sends the transaction through the ACH Network to the consumer’s financial institution (the Receiving Depository Financial Institution or RDFI), which processes the debit against the consumer’s account.

Credit push payments can also be used in the ACH for bill payments or P2P payments. In this case, the consumer, through his/her financial institution, pushes a credit transaction through the ACH Network to the biller’s/person’s financial institution (RDFI), which processes the credit to the Receiver’s account.

With its long history and established procedures, best practices, governance and rules, the ACH Network is well suited to extending its capabilities to mobile wallet-initiated debits from and credits to DDAs. Recently NACHA adopted a rule to provide a new, ubiquitous capability for moving ACH payments faster, which will enable the same-day processing of virtually any ACH payment. This will allow ACH Originators that desire same-day processing to send same-day ACH transactions to accounts at any consumer’s financial institution. Currently, most ACH payments are settled on the next business day; however, same-day processing will benefit both businesses and consumers in many different cases, including the use of ACH in a mobile wallet.

22 © 2016 NACHA – The Electronic Payments Association. All rights reserved. Mobile Wallets and Same Day ACH – Benefits to Businesses and Consumers Debit/Credit Use Case Benefits Other Considerations Credit P2P Payment: Same Day ACH will The latest that a Same Day ACH credit can be consumer uses a move money more initiated by the originating financial institution mobile wallet to push quickly. This will reduce is 2:45 p.m. ET / 11:45 a.m. PT on a banking money to another risk and provide for day. ACH credits sent after this time would consumer. A near faster funds availability settle on the next banking day. real-time message is for the receiving usually sent to the consumer. receiver outside of the ACH Network. Credit Bill Payment: Same Day ACH will The latest that a Same Day ACH credit can be consumer uses a move money more initiated by the originating financial institution mobile wallet to push quickly. This will reduce is 2:45 p.m. ET / 11:45 a.m. PT on a banking funds to a company risk, improve funds day. ACH credits sent after this time would to pay a bill. availability for the settle on the next banking day. biller, and help the consumer avoid late fees and possible disruption of a needed service. Credit POS Payment: Same Day ACH will The latest that a Same Day ACH credit can be consumer uses a move money more initiated by the originating financial institution mobile wallet to push quickly, which enables is 2:45 p.m. ET / 11:45 a.m. PT on a banking funds to a merchant faster funds availability day. ACH credits sent after this time would at the physical POS. for the receiving settle on the next banking day. merchant. A credit at the POS with immediate confirmation gives the merchant greater surety of payment, in that the payment cannot be returned for insufficient funds or as unauthorized at a later time.

This use case would require the creation of significant new infrastructure in order for the wallet issuer to determine the merchant’s account credentials. In addition, there would be potential reconciliation issues for the merchant, and changes to the NACHA Operating Rules might be required.

© 2016 NACHA – The Electronic Payments Association. 23 All rights reserved. Mobile Wallets and Same Day ACH – Benefits to Businesses and Consumers Debit/Credit Use Case Benefits Other Considerations Debit In-app, Embedded, Same Day ACH’s The latest that a Same Day ACH credit can be Mobile or Traditional faster processing and initiated by the originating financial institution Electronic Commerce settlement time is 2:45 p.m. ET / 11:45 a.m. PT on a banking Payment: consumer allows for the receipt day. ACH credits sent after this time would uses a mobile wallet of returns sooner and settle on the next banking day. to provide the lowers the risk for the merchant information provider of goods and so the merchant can services. pull funds from the consumer to make a payment. Debit Bill Payment: Same Day ACH will The latest that a Same Day ACH credit can be consumer uses a move money more initiated by the originating financial institution mobile wallet to quickly and will help is 2:45 p.m. ET / 11:45 a.m. PT on a banking provide the biller the consumer avoid day. ACH credits sent after this time would information so that late fees and possible settle on the next banking day. the biller can pull disruption of a needed funds from the service. The faster consumer to make processing and a payment. settlement time also allows for the receipt of returns sooner and lowers the risk for the merchant. Debit POS Payment: The faster processing The latest that a Same Day ACH credit can be consumer uses a and settlement time initiated by the originating financial institution mobile wallet to allows for the is 2:45 p.m. ET / 11:45 a.m. PT on a banking provide the receipt of returns day. ACH credits sent after this time would merchant information sooner and lowers the settle on the next banking day. so the merchant can risk for the merchant. pull funds from the consumer to make a payment.

The lower, fixed-fee pricing schedules associated with ACH have typically outweighed the settlement risk concerns in the processing venues in which ACH has grown to dominate, such as recurring payments. In addition, the pre-authenticated and ongoing relationship that the consumer has with the Originator has limited or mitigated some of the clearing and settlement risk factors associated with ACH processing. At the point of sale, processors have stepped in to provide account validation and transaction guarantee services (e.g., eliminating the settlement risk of a negative acknowledgement batch-based system) and as such can put ACH on nearly equal footing as other online, real-time transaction-based services from the major payment brands.

There are some innovative platforms, such as Buy It Mobility Networks (BIM), which provide solutions to mitigate prior limitations for consumers’ and merchants’ use of the 24 © 2016 NACHA – The Electronic Payments Association. All rights reserved. ACH in a mobile wallet at the POS. BIM, for example, offers guaranteed ACH transactions at the POS and authenticates and validates the DDA and routing and transit numbers for instant provisioning. In the past, the cost of these services have typically eroded the fixed-fee cost advantage of ACH; however, with real-time account information becoming available, and stronger authentication made possible by the mobile device, it is likely that a different guarantee model will continue to emerge, with a cost that is lower than current services.

Currently, ACH transactions result in a lower unauthorized return rate than credit cards and signature debit cards, and less than three of every 10,000 ACH debits are returned by consumers claiming they are unauthorized. One can make the case that multifactor authentication, access to federated identification, and other features inside a mobile wallet, issued and provisioned by a reliable entity, combined with guarantee services could contribute materially to reducing the risk and increasing the functionality of ACH in more vulnerable transaction-based use cases and venues such as the physical POS, in-app mobile and electronic commerce purchases and P2P payments.

The starting point for leveraging ACH in a mobile wallet is streamlining the registration and activation by reliable and trusted entities while also improving the integrity of the process to limit the risk of provisioning and transaction processing fraud. A mobile wallet establishes a pre-authenticated, validated and ongoing relationship between the wallet issuer and the consumer in similar fashion as an ACH debit might with a recurring biller. Registering ACH payment options within a mobile wallet happens in advance of payment and allows time for validation of the DDA credentials, as well as authentication of the account holder.

To help those building out these capabilities, it may be beneficial to have NACHA establish some sort of indicator for mobile wallet-provisioned and processed payments. By providing this new ACH indicator, both NACHA and industry stakeholders can develop a new set of metrics for measuring the added benefits of ACH-provisioned mobile wallets. Additionally, there is an opportunity to establish an ACH tokenization scheme that is compatible with the existing or predominantly used tokenization scheme for credit and debit cards in order to simplify retailers’ payment processing.

MCX CurrentC: A Case Study Extending the ACH payment type, with its biller/retailer favorable business terms such as fixed fee processing costs, to the physical POS through mobile payments is what attracted the MCX to initially form and launch its mobile payment platform.

MCX, through its CurrentC mobile wallet, simplified the registration process for its ACH-based debit option by utilizing BIM to eliminate delays involved in some other methods of account validation. BIM leverages online banking registration to authenticate and validate the DDA account and routing and transit numbers, for provisioning instantly the mobile payment option. Additional means of consumer enrollment/verification are expected to be rolled out over time.

With the MCX CurrentC platform, the debit option becomes an embedded payment button, similar to PayPal or a biller-direct bill payment. It can also be subsumed into the purchase process as a buy button by the provisioning entity for in-app, mobile and traditional electronic commerce purchases.

© 2016 NACHA – The Electronic Payments Association. 25 All rights reserved. The faster payment processing initiatives already underway for ACH, combined with account validation and transaction guarantee services, makes the MCX direct debit option rival the ease and functionality of PIN and signature debit options from the major branded payment networks at a much lower cost for retailers.

This process can greatly expand the funding sources available to the mobile wallet, using the ACH framework as the foundation for providing POS payment utilizing other funded accounts, not just checking accounts. Merchant and Financial Institution Collaboration As mentioned previously, building a bridge between merchants and financial institutions for the acceptance of bank-branded mobile wallets with tender reciprocity will require addressing the common ground between them. To establish the common ground required between financial institutions and retailers in any of these scenarios, existing stakeholders will need to update their thinking, and define, or in some cases redefine, existing business terms for such items as:

• Determining if card present or card not present interchange rates are appropriate for mobile wallet payments;

• Data rights and responsibilities: who owns or sees the customer data and what responsibilities do those entities have;

• Incorporation of activation, automatic redemption and net settlement of offers;

• Storage Keeping Unit (SKU) purchase confirmation and guidelines for cost allocation and revenue sharing;

• The use of deep links for opening the customer’s preferred app to enhance the shopping experience and complete the payment; and

• Determining the importance of a consistent User Experience (UX) at the POS, in-app, or via buy buttons.

For example, the open cloud-based options hold the most promise, but require the recognition by the existing payment networks that the safety, security and multifactor authentication applied to these payment options, if they rival or enhance the security provided by their own tokenization schemes, would indeed qualify for card-present debit and credit processing rates by the major networks.

As we reviewed above, current tokenization schemes make it nearly impossible for retailers to identify their customers, so the sharing of opt-in customer data and/or loyalty integration is an important component of having retailers accept bank-branded wallets.

Incorporating the activation, automatic redemption and net settlement of pre-activated offers is important functionality to both retailers and financial institutions, regardless of which mobile wallet the consumer ultimately utilizes for payment.

And finally, creating an open pathway and integrated deep links for opening each respective entity’s own branded mobile application, be it a retailer’s shopping app or a financial institution’s mobile banking app, is vital to respecting the consumer’s desire

It is the acknowledgement of these basic terms in any mobile payment platform that establishes the foundation for defining the best practices for accepting bank-branded mobile wallets with tender reciprocity. Conclusion Like Internet access and personal computer wars of the past, mobile wallets are subject to the classic “open versus closed” system arguments. Hardware makers will favor the closed approach, which gives them end to end control of the process and user experience. Ultimately, both the open and closed models have their pros, cons, risks and costs; but until hardware manufacturers provide open, full access to proprietary hardware-based methods of storing account credentials and accessing the physical POS, cloud-based approaches can be used to launch wallets with ubiquitous access for all phones, all tender types, in all purchase venues.

Because the mobile wallet does more than just facilitate payment, both retailers and financial institutions have a vital interest in providing mobile payment as a part of their shopping or banking app experience. While the most successful mobile payment systems so far are those launched and controlled entirely by merchants, to achieve open ubiquitous mobile payment platforms at the physical POS will require moving beyond these private label merchant proprietary systems. Financial institution mobile wallet solutions will need to gain the acceptance of retailers by providing them the benefits they require, including tender reciprocity and the ability to leverage different account options at the POS such as ACH. This will also give consumers the flexibility to use any payment type they wish: open-loop, financial institution-issued debit and credit accounts, general purpose reloadable (GPR) prepaid debit accounts, private label, merchant-issued credit, pre-paid or stored value account, direct debit accounts and loyalty/reward points – which will be essential to mass adoption.

The Alliance believes that there will not be one wallet that “wins.” Instead consumers will utilize multiple payment apps or wallets, especially if they are bundled with the essential customer service, information, discounts and other functionality they already seek from their primary financial institution and favorite retailers. Indeed, there may be as many mobile payment apps as there are providers with compelling content. However, while it is likely that retailers and financial institutions will create their own mobile wallet solutions, to truly remove the friction from the POS and achieve widespread adoption, retailers and financial institutions will need to work together to achieve interoperability.

Ultimately, the “safe bet” for any financial institution, retailer or Third-Party Service Provider will always be that which reinforces their customer relationships, their accounts, their brand and their own app. This white paper seeks to illustrate the benefits of each approach, and provide a blueprint for retailers and financial institutions to work together for their mutual benefit, empowering both financial institution- and retailer-branded mobile wallets with tender reciprocity for all payment types, using a common, open acceptance technology.

BLE - Bluetooth Low Energy

CCA - Cardless Cash Access

CPA – Cost Per Acquisition/Action

CPC - Cost Per Click

CPG - Consumer Packaged Goods

CPM - Cost Per Thousand Impressions

CRM - Customer Relationship Management

DDA - Demand Deposit Account

ERP - Enterprise Resource Planning

GMV - Gross Merchandise Value

GPR - General Purpose Reloadable

HTML - Hypertext Markup Language

ICCID - Integrated Circuit Card Identifier

IMETI - International Manufacturer Equipment Identifier

KYC - Know Your Customer

MAP - Merchant Acquirer Processors

MCX - Merchant Customer Exchange

MDES - MasterCard Digital Enablement Service

MNO - Mobile Network Operators

MST - Magnetic Secure Transmission

NFC - Near-Field Communication

OMI - One More Item

P2P - Person to Person

PAN - Primary Account Number

PCI DSS - Payment Card Industry Data Security Standard

PIN - Personal Identification Number

PLCC - Private Label Credit Card

PLPD - Private Label Prepaid Debit

POS - Point of Sale

POV - Point of View

QSR - Quick Service Restaurants

ROI - Return on Investment

SE - Secure Element

SIM - Subscriber Identity Module

SKU - Storage Keeping Unit

TSP - Token Service Provider

UDID - Universal Device Identification

UI - User Interface

UX - User Experience