PAYMENTS INDUSTRY INTELLIGENCE January / February 2017

PaymentsCARDS & MOBILE

IN THIS ISSUE PAYMENT CARDS IN EUROPE 2017 CYBER CRIME CYBER HEISTS AND THE CYBER SECURITY FIGHT BACK

ARTIFICAL INTELLIGENCE THE RISE OF THE MACHINES

CARD NOTES • ISSUING & ACQUIRING • MOBILE PAYMENTS • E-COMMERCE POS TERMINALS • CONTACTLESS • PRODUCTS & CONTRACTS • CONFERENCES www.paymentscm.com payments cards & mobile | January / February 2017 1 Your Quality Confirmed.

Test Solutions for the payments world

Your success is our concern. You have ambitious goals and we are dedicated to helping you get there. We engage with you, help you gain insight and advise you.

> Certify your EMV Payment Terminals > Minimize downtime of your ATMs and release changes easier > Validate your payment host and switch implementations

We’d love to talk. Contact us at [email protected]

See us at the Merchant Payments Ecosystem Expo • February 14-16, Berlin

www.opentestsolutions.com 2 PAYMENTS INDUSTRY INTELLIGENCE January / February 2017 Volume 9, Issue 1

PaymentsCARDS & MOBILE

Happy New Year to you all!

As the payments industry clears the sleep from its eyes and begins to rev up the engine, the more astute of you will have noticed that not a lot changed over Christmas. For those working in UK financial institutions, the threat of Brexit and Theresa May’s government finally making its mind up will still be an eye-catching issue during 2017. For the rest of the industry, it’s business as usual.

In this issue, we take our annual statistical view of the European payments industry. The good news is that there is growth in both card issuance and card acceptance generally. However, we cannot be lackadaisical as the threat of cybercrime is ever-present.

Criminals seem to be eschewing the soft underbelly of robbing consumers through phishing attacks etc. and going for the big bucks... Criminals are back to robbing banks! With that in mind, we focus our critical eye on how the industry is waging the cyber security fight back in this ever-evolving battleground.

What if everything were controlled by highly advanced artificial intelligence? Machines such as Skynet from the Terminator films? Once it became self-aware, it saw humanity as a threat to its existence and decided to trigger the nuclear holocaust Judgment Day and deploy an army of Terminators against humanity. Perhaps I’m being overzealous here, but what if…we reveal all in the feature about the rise of the machines.

Alexander Rolfe, Editor-in-chief and publisher, Payments Cards & Mobile

Production Team

Editor-in-chief and publisher Head of Business Development Subscriptions and General Contributors Alexander Rolfe Wendy Sanders Gemma Rolfe Joyrene Thomas Tel (+44) 1263 711 800 Tel (+44) 1263 711 801 Tel (+44) 1263 711 800 [email protected] [email protected] [email protected] Printing Micropress Printers Staff Writer General Manager Graphic Design Joyrene Thomas Gemma Haywood Adam Unsworth Tel (+44) 1263 711 800 Tel (+44) 1263 711 800 Tel (+44) 7932905744 [email protected] [email protected] [email protected]

Editorial Advisory Board

John Berns June Felix Managing Partner, Accourt President – Europe, Verifone

Sylvie Boucheron-Saunier Denise Gee SVP Financial Institutions, North America & Europe, ACI Director, Magna Carta

Robert Courtneidge Simon Hardie Global Head of Cards and Payments, Locke Lord Director, Magna Carta

All rights reserved. No part of the publication may be reproduced or transmitted in any form without the publisher’s prior consent. While every care is taken to provide accurate information, the publisher cannot accept liability for errors or omissions, no matter how caused.

© PaymentsCM LLP 2017 Payment Cards and Mobile™ is owned and published by PaymentsCM LLP ISSN 1759-829X contents payments news features

6-7 NEWS IN BRIEF 12-15 COVER STORY: All the latest news from the past 60 days PAYMENT CARDS IN EUROPE 2017 card notes Cards and card payment at the point of sale and online showed solid growth rates in most European countries in 2015.

08 HOW DO YOU SOLVE A PROBLEM LIKE BRANCH TRANSFORMATION? Banks are on the horns of a dilemma with regard to branches. The current branch model is broken. It is financially unsustainable, not always customer-centric or inclusive of digital and omni-channel models.

08 EMV CARD-PRESENT TRANSACTIONS EXCEED 42 PERCENT GLOBALLY More than two-in-five card transactions undertaken in the face-to-face environment globally between July 2015 and June 2016 used EMV chip technology, according to official figures released by technical body EMVCo.

09 CASH BAN CAUSES CHAOS IN INDIA Many in India were unprepared when prime minister Narendra Modi 16-18 CYBER CRIME: announced a surprise ban on higher denomination notes. The Rs500 and Rs1,000 rupee notes ceased to be legal tender overnight on 08 November CYBER HEISTS AND THE CYBER in a government crackdown on corruption and tax evasion. SECURITY FIGHT BACK 2016 was the year when cybercrime reached record heights with 10 FEDERAL RESERVE PAYMENTS STUDY HIGHLIGHTS STRONG a $81 million cyber heist on the Bangladesh central bank, and an TRENDS IN CARD USE unprecedented number of ATM attacks and data security breaches. Card payments accounted for more than two-thirds of all core non-cash payments in the US in 2015, according to a triennial Federal Reserve study.

10 UK CONSUMERS SUPPORT DATA-DRIVEN FRAUD PREVENTION The majority of people interviewed for a UK survey accepted the use of transactional data to combat fraud, if there were safeguards in place.

11 A NEW WAY TO PAY? The UK payments strategy forum has delivered a new strategy to overhaul the nation’s payment systems, making it fit for the 21st century. In its official statement, the forum set up by the payment systems regulator billed this as the most radical change in payments since the 1960s. 23-25 ARTIFICIAL INTELLIGENCE:

11 THE FUTURE IS HAPPENING IN REAL-TIME THE RISE OF THE MACHINES Consumer-facing technology brands have done much to reset Move over Big Data. There are two new buzz words in town: ‘artificial expectations around speed, but also convenience, value and choice. To intelligence’ and ‘machine learning’. meet customer expectations and set themselves up strategically for the future, real-time, immediate or instant payments are now a necessity for banks around the world.

PAYMENTS INDUSTRY INTELLIGENCE

PaymentsCARDS & MOBILE www.paymentscm.com

4 payments cards & mobile | January / February 2017 www.paymentscm.com contents industry insight e-commerce

19-22 BORN DIGITAL IN 9 MONTHS: A STORY OF B1NK AND OPENWAY 34 EXPLOSIVE GROWTH IN LAT AM E-COMMERCE – MERCHANTS Replacing legacy platforms or implementing new solutions which STRUGGLING WITH PROCESSING COMPLEXITIES underpin digital banking processes can seem daunting. The fact that the main markets in Latin America are experiencing an explosion in e-commerce growth is hardly news. However, as both issuing & acquiring IN ASSOCIATION WITH internet and smartphone take-up continues, consumers now have e-commerce opportunities that other markets may have taken for 26 PREPAID CARDS: OPENING UP A NEW WORLD OF POSIBILITIES granted over the last five years. Prepaid cards are witnessing a fast rise in popularity, with the global market expected to grow to $535bn by 2020. 34 FRICTIONLESS CHECK-OUT UNDER THREAT IN EUROPE The recent European Banking Authority (EBA) consultation paper on 28 COMBATTING THE TRADE IN CHILD ABUSE MATERIAL ONLINE strong customer authentication and secure communications under PSD2 The internet comes with unintended consequences, including the ease generated 146 responses. with which it can be mis-used for the commercial sexual exploitation of children. pos terminals

29 BLOCKCHAIN GOLD PILOT COMPLETE 35 DISCOVER AND PAYPAL PARTNER ON DIGITAL PAYMENTS Euroclear announced the successful completion of its first pilot for Discover Financial Services (DFS) and PayPal have signed a tokenisation Euroclear Blockchain, the gold bullion-based Blockchain solution, with and digital payments agreement making PayPal more widely available to FinTech company Paxos. Discover cardmembers, acquirers and merchants.

29 SEPA INSTANT CREDIT TRANSFERS ARRIVE 35 WORLDLINE AND HEASE ROBOTICS SIGN PAYMENTS The European Payments Council published the SEPA instant credit PARTNERSHIP transfer (SCT Inst) scheme rulebook at the end of November 2016. Worldline has entered into a mutually beneficial co-development relationship with Hease Robotics, a French B2B service robot 29 OPEN API-DRIVEN DIGITAL INNOVATIONS AND MERCHANT PAYMENTS manufacturer, which delivers robots to the retail and hospitality How mobile, online and social media channels have revolutionised industries. consumers’ shopping behaviour, and sparked demand for new payment solutions that support multichannel commerce, Big Data, loyalty and products & contracts targeted advertising. 37 AMEX ACQUIRES AUTHENTICATION VENDOR INAUTH mobile payments American Express announced in early December 2016 that it had acquired the risk management and authentication vendor InAuth for an 30 SIZING AND PROFILING THE IN-APP MOBILE PAYMENTS MARKET undisclosed sum. First Annapolis recently estimated current in-app mobile payments volume at €60 billion and €125 billion in Europe and North America 37 VISA BUYS CARDINALCOMMERCE respectively. In attempt to accelerate its digital commerce ambitions, Visa has agreed the acquisition of card-not-present authentication firm contactless CardinalCommerce.

32 US PAYMENTS FORUM LAUNCHES NEW MOBILE AND 37 CMA SLOWS MASTERCARD ACQUISITION OF VOCALINK CONTACTLESS PAYMENTS EFFORT The Competition and Markets Authority (CMA) has found that Mastercard’s The US Payments Forum has announced the mobile and contactless acquisition of VocaLink gives rise to competition concerns. payments working committee. conferences 32 MASTERCARD AND VISA SIGN DIGITAL WALLET TOKENISATION DEAL Mastercard and Visa have committed to accelerating the adoption of an 38 TRUSTECH 2016 AND MERCHANT PAYMENTS ECOSYSTEM 2017 open digital wallet. There was a great deal of negative speculation about the survival of Cartes when they decided to change both the name to Trustech and 32 NON-CASH PAYMENTS ACROSS US AND UK TO SOAR BY 2026 venue to Cannes for the 2016 event. The value of non-cash payments in the US and UK will reach $46 trillion and £1.44 trillion respectively by 2026, new research from global law firm 38 CONFERENCE DIARY Paul Hastings shows. Upcoming events in the payments industry.

www.paymentscm.com payments cards & mobile | January / February 2017 5 news in brief PCM DAILY NEWS FEED Get the latest

SHOULD A CENTRAL BANK ISSUE DIGITAL BLOCKCHAIN CONSORTIUM R3 HAS LOST payment news in CASH IN THE SAME WAY THAT IT CURRENTLY SEVERAL HIGH-PROFILE MEMBERS, your inbox ISSUES PHYSICAL NOTES AND COINS? In INCLUDING GOLDMAN SACHS, SANTANDER, SUBSCRIBE ONLINE NOW AT a speech at a FinTech event in Stockholm in MORGAN STANLEY AND NATIONAL WWW.PAYMENTSCM.COM mid-November, the deputy governor of the AUSTRALIA BANK. Founded in September Swedish central bank outlined her institution’s 2015 with nine members, R3 quickly swelled BANCO DO BRASIL, LATIN AMERICA’S plans to investigate e-krona. The Riksbank will to more than 70 participants. However, it is LARGEST BANK BY ASSETS, IS TO CUT examine technologies, policy and legal issues rumoured that Goldman baulked at being asked BRANCHES AND STAFF IN AN ATTEMPT TO surrounding the issuance of digital cash as to contribute to a $150 million Series A funding SHORE UP PROFITS. According to Reuters a complement to banknotes and coins. The round alongside other investors, and wanted reports, the state-controlled bank said that it use of cash in Sweden is in long-term decline more operational control. “As with any project would close 402 branches, downsize another according to various metrics, including cash in of this scale and scope, we always expected 379 and offer early retirement to employees who circulation as a percentage of GDP, ATM cash the make-up of the consortium to change over accept proposed terms. The restructuring of withdrawals and consumer payment habits. time,” said R3 in a statement. the branch network during 2017 is projected to net annual savings of 750 million reais ($221.89 SAFRAN IDENTITY & SECURITY HAS BEEN million), excluding personnel costs. AWARDED A FIVE-YEAR CONTRACT BY THE NATIONAL ELECTORAL INSTITUTE OF MEXICO FIVE RUSSIAN BANKS WERE HIT BY A FOR ITS MULTI-BIOMETRIC IDENTIFICATION SERIES OF CYBER ATTACKS IN NOVEMBER, SYSTEM AND RELATED SERVICES. As one of THE COUNTRY’S BANKING REGULATOR the world’s largest systems of its kind, the multi- CONFIRMED. State-owned Sberbank was one biometric identification system will ensure each target of a prolonged distributed denial of service voter has a unique identity by detecting false or (DDoS) attack, which overwhelms a website with double-identity cases in real time. It uses both fake traffic to knock it offline. Sberbank said it fingerprint and facial recognition to help ensure had suffered 68 similar attacks in 2016 but the LLOYDS BANKING GROUP HAS AGREED TO that each Mexican citizen is registered only once ones in November ranked among the biggest it BUY THE MBNA CREDIT CARD PORTFOLIO in the national voter rolls. had faced. The names of the other banks targeted FOR £1.9 BILLION. The UK lender’s first major have not been released but all are believed acquisition since the government bail-out in to be among the ten biggest in Russia, the 2008 will give it a 26 percent share of the BBC reported. credit card market. The deal fits with Lloyds’ objectives to expand in higher margin areas VEGETARIANS, VEGAN AND RELIGIOUS and rebalance its mortgage-heavy business. GROUPS ARE UP IN ARMS AFTER THE BANK António Horta-Osório, chief executive, Lloyds, OF ENGLAND CONFIRMED THAT THE NEW said: “We have always said the consumer POLYMER £5 NOTE CONTAINS TALLOW, A finance area was under-represented in two TYPE OF ANIMAL FAT ALSO USED IN SOAP divisions: credit cards and car finance.” MBNA AND CANDLES. 120,000 people had signed an has around five million customers and 11 online petition as at the beginning of December, percent of credit card balances in the UK. calling for the cessation of animal products ACCOUNT OPENINGS AT WELLS FARGO HAVE in the currency. The Bank of England spent THE ROYAL MINT IS SET TO LAUNCH A CONTINUED TO FALL IN THE WAKE OF THE around £70 million on introducing the note, DIGITAL GOLD OFFERING WHICH WILL SALES SCANDAL. Customers opened 41 percent which is expected to last 2.5 times longer than BE TRADED ON THE BLOCKCHAIN. The fewer current accounts and made 45 percent a paper note, and includes new anti-counterfeit 1,000-year-old institution owned by HM fewer credit card applications in November 2016 features. Polymer notes are also issued in Treasury has partnered with CME Group to year-on-year. The California bank was fined a Australia, Canada, Romania and Vietnam, build and launch digitised gold. From 2017, record $185 million by US regulators after it was among other countries. the Royal Mint will issue Royal Mint Gold as found to have opened more than two million a digital record of ownership for gold stored accounts and credit cards for customers without at its secure vault. CME Group will develop, their knowledge. Wells’ woes continued when the implement and operate the product’s digital Office of the Comptroller of the Currency revoked trading platform. It is hoped that this new previously-granted waivers. The bank will no service will provide an easier, cost-effective longer enjoy expedited treatment over business and cryptographically secure alternative to decisions, such as opening branches, promoting buying, holding and trading spot gold. or paying off senior staff.

6 payments cards & mobile | January / February 2017 www.paymentscm.com news in brief

FAKE CHINA UNIONPAY CARDS HAVE BEEN STRIPE HAS RAISED $150 MILLION IN A USED TO WITHDRAW MORE THAN ¥1 BILLION SERIES D FUNDING ROUND TO VALUE THE PCM DAILY NEWS FEED FROM ATMS IN TOKYO SINCE SPRING 2016, COMPANY AT MORE THAN $9 BILLION. The ACCORDING TO THE JAPAN NEWS. Four online payment processor, which allows websites Taiwanese men were arrested on suspicion of and apps to incorporate payment services, was Insight is theft and other charges, and around 200 cards launched in September 2011 by Irish brothers issued in a variety of names were confiscated. Patrick and John Collison. The round was led by The fraudulent withdrawals were revealed as a CapitalG and General Catalyst, and also included everything result of a follow-up investigation by police and participation from existing investors such as financial institutions into ATM transactions made Sequoia Capital. In-depth analysis, using overseas cards. This followed an incident industry snapshots, in May 2016 when counterfeit credit cards from a South African bank were used to simultaneously news in brief and withdraw around ¥1.8 billion from convenience authoritative features. store ATMs in 17 prefectures. Payments Cards & Mobile's authoritative VISA HAS LAID OFF STAFF ON BOTH SIDES OF THE ATLANTIC FOLLOWING ITS €21.2 editorial coverage BILLION ACQUISITION OF VISA EUROPE IN separates the hype JUNE 2016. 213 people were let go at the Foster City site effective early January 2017, from the happening according to the official layoff notice filed with within the payment the state of California. Meanwhile in Europe, scores of staff on UK contracts were laid off at cards and mobile OBERTHUR TECHNOLOGIES HAS RECEIVED the end of November 2016, with further phased payment industry. CERTIFICATION FOR ITS DYNAMIC SECURITY redundancies expected during 2017. Staff in CODE CARD FROM THE CARTES BANCAIRES the European technical and systems areas GROUP, A FRENCH UMBRELLA ORGANISATION were particularly hard hit as Visa winds back Subscribe now OF MORE THAN 120 INSTITUTIONS. The investment in European transaction processing MOTION CODE card includes a display on the capabilities in favour of the VisaNet platform. reverse where the 3-digit security code changes automatically every hour. “More than 90 percent of online transactions are made using credit cards in France. The dynamic security code will strengthen the security of online transactions. This solution is compliant with all e-commerce sites across the world and provides a transparent customer experience,” said Gilbert Arira, CEO of Cartes Bancaires.

SIA HAS COMPLETED THE €500 MILLION ACQUISITION OF UNICREDIT’S PROCESSING BUSINESS IN ITALY, GERMANY AND AUSTRIA. The deal effective 1 January 2017 also includes a PAYMENTS INDUSTRY INTELLIGENCE ten-year outsourcing contact to SIA for processing services and management of the POS and ATM estate. Speaking on the closure of the deal, SIA PaymentsCARDS & MOBILE chief executive Massimo Arrighetti explained that the acquisition was part of SIA’s strategic paymentscm.com objective to consolidate its international position. He predicted 20 percent revenue growth in 2017. www.paymentscm.com payments cards & mobile | January / February 2017 7 card notes GLOBAL

HOW DO YOU SOLVE A PROBLEM LIKE BRANCH TRANSFORMATION?

Banks are on the horns of a dilemma with regard to branches. The current branch model is broken. It is financially unsustainable, not always customer-centric or inclusive of digital and omni-channel models. Yet branches are a critical sales channel, even among so-called millennials who are the keenest adopters of new, digital technologies.

Speaking at the RBR Branch Transformation proportion of branch visits involve routine Clearly, to deploy or not to deploy assisted self- 2016 conference, mBank, Poland said that counter, low value or cash transactions. service depends on each bank’s strategic and more than half its new customer acquisitions Unsurprisingly transaction automation makes operational objectives. and loans came from the branch network. up a significant share of the technology budget The problem of branch transformation is not Elsewhere, more than 70 percent of UK student in branch transformation projects. According new, nor is it necessarily solvable. Markets are accounts were opened face-to-face in a branch. to RBR analysis, the global branch automation not homogenous. Banks start from different Banks need to re-shape the branch, making it technology market is worth $13 billion per year, places with different customers, objectives more efficient while enhancing the customer and is growing at four to eight percent annually. and views on format, technology, processes experience, according to Tom Hutchings, These technologies range from self-service and people. The pragmatic approach is to principal, RBR. (e.g. cash deposit, cash recycling and other accept that the future starts today. And that Determining what customers actually want deposit automation), and assisted self-service any bank can only ever be part-way through a from a bank branch is a two-fold problem. (e.g. hand-held tablets, remote video) to back- branch transformation journey, the destination Firstly, not many banks actually ask. And when office automation for bank staff. Assisted or direction of which may change en route. they do, they discover that where, when and self-service technology is polarising among how customers want or need to bank differs banks. One school of thought feels why make enormously. The imperative to move away from customers interact with a machine, if they have the status quo is undeniable. Yet there is no walked by an ATM and two other self-service one-size-fits-all approach as to how. terminals to get to the counter? Another posits While customers do not visit a branch the theory of the ‘universal banker’ where an because of the bank’s technology, technology element of automation frees staff up to provide does enable other objectives. A large enhanced service to customers as required.

EMV CARD-PRESENT TRANSACTIONS EXCEED 42 PERCENT GLOBALLY

More than two-in-five card transactions The 37 countries comprising western Europe technology. This is followed by Africa and the undertaken in the face-to-face environment (Europe zone 1) are close to full EMV chip Middle East at 90 percent, and Latin America at globally between July 2015 and June 2016 deployment with 97 percent of all card-based 89 percent of EMV chip-enabled payments. used EMV chip technology, according to official payments being chip-to-chip. That is to say, Asia showed solid growth with the number figures released by technical body EMVCo. both the card and terminal used EMV chip of payments using EMV chip technology increasing to 58 percent, up from 33 percent in 2014-15. The US showed the largest rise PERCENTAGE OF CARD-PRESENT TRANSACTIONS THAT ARE EMV from a low base of 0.26 percent to 7.2 percent

83.77% Africa & The Middle East by June 2016. 89.94% “In addition to increasing global usage, the Asia 33.55% most recent data shows rapid adoption of 57.93% EMV technology in regions that have recently 86.95% Canada,Latin America & The Caribbean 88.81% implemented EMV chip infrastructures, such

96.94% as the United States and China,” stated Soumya Europe Zone 1 97.60% Chkrabarty, chair, EMVCo executive committee. July 2014 - June 2015 65.41% “With this continued migration, EMVCo Europe Zone 2 July 2015 - June 2016 74.98% expects these figures to increase in the 0.26% coming year, which could mean that global The United States 7.20% EMV transaction volumes would exceed half of Source: EMVCo 0% 20% 40% 60% 80% 100% all card-present payments.”

8 payments cards & mobile | January / February 2017 www.paymentscm.com INDIA card notes

CASH BAN CAUSES CHAOS IN INDIA

Many in India were unprepared when prime their daily needs. Workers in the cash-in-hand minister Narendra Modi announced a surprise economy, such as barbers, rickshaw drivers ban on higher denomination notes. The Rs500 and vegetable sellers, were forced to turn away and Rs1,000 rupee notes ceased to be legal customers if they did not have change. tender overnight on 08 November in a government Small businesses, the unbanked and those crackdown on corruption and tax evasion. living in rural areas where bank branches are The two notes (around $7.50 and $15) more scarce were particularly hard hit. Bulk million people,” said Navroze Dastur, managing accounted for 86 percent of cash in circulation buying of non-perishable foodstuffs to use up director, NCR Corporation, India. by value. Indians had until 30 December to high denomination notes became prevalent, The new notes were slightly smaller than deposit old notes in bank accounts. In the first ten as did barter and the issuing of credit notes. the old ones, which necessitated modifications days after the ban, the Reserve Bank of India, the Most Indians lack the means to use non-cash to the ATM cash drawers. India's central bank central bank, said that around $80 billion-worth of payments, even if they wanted to. In a country set up a task force under deputy governor SS banned notes out of more than $220 billion high with around 700 million debit cards, there are only Mundra to oversee the recalibration of ATMs. value notes in circulation had been returned. The around 700,000 acceptance outlets. It is a similar “The only challenge we faced was reaching all banned notes are being replaced by new smaller story with regard to ATMs. the ATMs in the far-flung regions before the 30 Rs500 and Rs2,000 bills. “The demonetisation activity has shown that November deadline for the completion of the The move caused widespread disruption to we are a highly under-penetrated market as far activity. The formation of the task force helped India’s predominantly cash-based economy. as ATMs goes. We barely have 150 ATMs per us align all resources in such as way that they Long queues formed at banks and ATMs as million people when compared to other populous could be optimised for this major exercise,” people sought to withdraw or exchange cash for countries such as China where it is 350 ATMs per explained Dastur.

www.paymentscm.com payments cards & mobile | January / February 2017 9 card notes US

FEDERAL RESERVE PAYMENTS STUDY HIGHLIGHTS STRONG TRENDS IN CARD USE

Card payments accounted for more than volume and value of payments across the the introduction of EMV chip cards. Just over two-thirds of all core non-cash payments various payment types. Debit cards had the a decade ago, cheques were the predominant in the US in 2015, according to a triennial largest share of payments by volume (i.e. type of non-cash payment. However since Federal Reserve study. Card payments grew number) but the smallest share by value. At the 2007, debit card, credit card and then ACH 19.9 billion from 2012 to 2015, led by debit opposite end of the distributions, ACH credit payments have overtaken cheques. Since the card payments which grew by 12.4 billion and transfers had the smallest share by volume but last triennial survey in 2012, cheque payments credit card payments which grew by 6.9 billion. the largest share by value. have fallen at an annual rate of 4.4 percent by Prepaid card payments grew by less than one As with many countries, payment habits volume and 0.5 percent by value. Yet for the billion over the period. in the US have developed over time and are first time since the descent began in the mid- Overall domestic non-cash payments formed by various cultural, political, economic 1990s, the rate of decline of cheque payments totalled an estimated 144 billion, up 5.3 and technological factors. Consumers and slowed. The US is still a nation of ardent percent annually from 2012. The total value of businesses rarely go out of their way to pay in a cheque-writers. these transactions increased 3.4 percent over new way. Consequently there is always a time- The study bears out the fact that the US the same period to nearly $178 trillion. lag on change, although the pace of change is late to EMV migration. In 2015 only two As with previous studies, the data for 2015 has accelerated since the millennium. This is percent of US in-person general-purpose card showed an inverse relationship between the particularly with regard to cheque usage and payments were made using a chip card. 54 percent of card fraud was via the card-present channel, whereas 46 percent was via remote TRENDS IN NON-CASH PAYMENTS 2000-2015 BY VOLUME (NUMBER) or card-not-present channels. However, given 60 Number of payments (billions) Non-prepaid debit cards that the share of remote payments is estimated to be small (19 percent) relative to in-person 50 payments (81 percent), the remote fraud rate is already higher by value than the in-person 40 fraud rate. This trend is set to continue

30 Credit cards as the EMV migration displaces fraud to

96.94% remote channels. ACH 20 The study covered the total volume and value of all non-cash payments estimated to 10 have been made in 2015 by US consumers Prepaid debit cards and businesses, including for-profit and not- 0 for-profit enterprises, federal, state and local 2000 2003 2006 2009 2012 2015 government agencies. These included debit, Note: Prepaid debit card includes general purpose, private label, and electronic benefit transfer. Source: The Federal Reserve Payments Study 2016 credit and prepaid cards, electronic credit and debit transfers using ACH and cheques.

UK CONSUMERS SUPPORT DATA-DRIVEN FRAUD PREVENTION

The majority of people interviewed for a UK The research suggests that clarity around response. Of the respondents who said they survey accepted the use of transactional data safeguards — many of which are already in would find transactional data use acceptable to combat fraud, if there were safeguards place — would give people the assurance that if safeguards were in place, between 77 in place. their anonymity and privacy will be protected. In percent and 86 percent indicated that these However, a core of people (16 percent) said short, people would be more likely to accept the four safeguards would indeed make data use that even if safeguards were in place, they use of transactional data if they knew exactly more acceptable. would find this use of data unacceptable. When what the information would be used for and Safeguards are persuasive and build asked why, the main objections were around that it would only be used for these purposes. engagement and acceptance, if they are clearly security, the threat of hacking and criminal More specific reassurances around communicated to customers. The research exploitation of data. Anonymity, privacy and legislation, regulatory oversight, anonymity and was conducted on behalf of Accura, the concerns around whom the data would be the identity of those who would have access insight business of UK payment infrastructure shared with were also mentioned. to the data attracted nearly the same level of operator VocaLink.

10 payments cards & mobile | January / February 2017 www.paymentscm.com UK card notes

A NEW WAY TO PAY?

The UK payments strategy forum has delivered of the ACH, Faster Payments and LINK ATM technologically savvy. We need to address a new strategy to overhaul the nation’s payment network, will have on these consolidation the issue head on,” said Ruth Evans, chair, systems, making it fit for the 21st century. efforts. The acquisition could itself alter payments strategy forum. In its official statement, the forum set up by the UK payments landscape through the Another proposal is the introduction of the payment systems regulator billed this as potential convergence of card and non-card ‘request to pay’. This will allow customers to the most radical change in payments since payment rails. authorise a regular payment, such as a utility the 1960s. The strategy also proposes a new bill or gym membership, before the company The strategy recommends consolidating ‘confirmation of payee’ function to help prevent withdraws the money from their account. It is the governance of the three UK payment financial fraud. This will help prevent people aimed at helping people on low or fluctuating system operators: Bacs, the Cheque and Credit sending payments to the wrong accounts, incomes, who may struggle to settle their Clearing Company (C&CCC) and the Faster either by accident or by being tricked into doing accounts at the same time each month. Payments Service into a single entity. This new so. It will ensure a confirmation of the recipient The forum has set out a roadmap for work entity will be responsible for implementing a is sent to the payer before any funds leave to start immediately to establish the building new simpler, more accessible and responsive their account. blocks for the strategy by 2020. Time will payments architecture. “Around £755 million was stolen from UK tell whether the strategy will deliver durable It is not known what bearing Mastercard’s bank accounts last year [2015] and the problem change, or the type where everything changes £700 million bid for VocaLink, the operator looks set to worsen as criminals become more so that it can stay the same.

THE FUTURE IS HAPPENING IN REAL-TIME

Consumer-facing technology brands have done and testing costs. The research drew on 15 However, small and medium-sized banks face much to reset expectations around speed, but executive interviews with large and small banks, unique challenges when implementing real- also convenience, value and choice. Users expect technology providers and payment processors. time payments. Upfront costs may consume a payments to keep pace with the speed of service It also considered six bank and processor case large proportion of available budget. Devising in other areas of their lives. To meet customer studies around budget and cost issues. The report payback times and business cases requires expectations and set themselves up strategically was prepared by Lipis Advisors on behalf of Icon careful consideration. A quick time-to-market may for the future, real-time, immediate or instant Solutions, an IT payment consultancy within the accelerate return on investment, yet the solution payments are now a necessity for banks around financial services sector. must be future-proofed, and be flexible enough the world. But how does a bank put strategy into When implementing real-time payments, to facilitate innovation and inevitable regulatory action and implement real-time payments? the main technical considerations are around compliance requirements. A recent report Instant Payments: Insights enhancing systems to support 24/7/365 Interviewees reported pursuing one of two from early adopters considered the challenges for operations. Stakeholder processes and back-end strategies to implement real-time payment smaller banks and those in secondary markets, systems, such as core banking, fraud prevention capabilities. Either upgrading existing legacy and how to overcome them. With smaller budgets and sanction screening, must operate around systems through a targeted approach, which adds and fewer IT resources than larger banks, smaller the clock. New front-end applications that utilise a real-time module alongside legacy systems. Or banks require targeted, cost-effective solutions. real-time functionality, such as mobile and P2P pursuing a broader system modernisation, which They must also seek to minimise implementation applications, may also be built out. consolidates interfaces with legacy systems, or even replaces them with a new central platform or payments hub. SCENARIOS FOR CUMULATIVE COST OF INSTANT PAYMENT SOLUTIONS Irrespective of the strategic approach chosen, 5000k 4500k a bank can then either implement an off-the- 4000k shelf solution, or custom build one from scratch. 3500k Naturally the current state of bank IT systems, 3000k 2500k the overall business goals and broader market 2000k context help determine the strategic approach and 1500k 1000k implementation path. CLIMATE COST IN EUROS 500k Initial investment costs are typically split: 40 0 percent on hardware and software licensing costs, YEAR YEAR YEAR YEAR YEAR YEAR YEAR YEAR YEAR YEAR YEAR YEAR YEAR YEAR YEAR YEAR YEAR YEAR 0 1 2 3 4 5 0 1 2 3 4 5 0 1 2 3 4 5 35 percent on system integration, configuration Note: All costs except for maintenance costs are cumulative New Maintenance Testing License and customisation, and 25 percent for system Old Maintenance Integration Hardware Source: Lipis Advisors GmbH testing, the report found. www.paymentscm.com payments cards & mobile | January / February 2017 11 cover story

PAYMENT CARDS IN EUROPE

by Horst Foerster - Head of Research, Payments Cards & Mobile

Cards and card payment at the point of sale and online showed solid growth rates in most European countries in 2015. This was supported by the roll-out of new technologies, such contactless, digital wallets and mobile NFC. We examine the statistics and notable trends.

Cards in issue and card payments by volume 2010. The statistical ATV per card payment was per capita on average across Europe. Only six and value showed significant rates of growth €48.69, down slightly from €49.01 in 2014. This countries recorded a decline in the total number once again across the 33 countries covered in may reflect the increasing use of contactless of debit cards. The greatest declines were seen the Yearbook. POS payments showed further cards for low value payments. in Iceland (-17.2 percent) and Cyprus (-11.5 strong growth, while cash withdrawals grew percent). Greece, Denmark and Sweden showed slightly. By the end of 2015, card payments by Notable trends include: higher debit growth than usual. volume (number) accounted for 50.24 percent • Card payments by volume and by value There were 48.3 billion payments on debit of the cashless payments in the region, up from between 2011 and 2015 continued to grow cards in 2015, a 12.6 percent increase on 2014. 48.51 percent in the previous year. higher than the compound annual growth All the major developed markets continued rate (CAGR). to show significant growth in the number of CARDS AND CARD USE IN EUROPE • Contactless cards and payments became the debit payments in 2015. The leaders UK and new normal in Europe and gained significant France accounted for 21.8 billion debit card Across the European countries covered in the traction in 2015. payments in 2015, an impressive 45.1 percent Yearbook (E33), there were 991.4 million cards • Digital payments are continuing to grow, of the regional total. With specific regard to in circulation at end-2015, up by 2.4 percent supported by the deployment of digital wallets, Germany, 2.03 billion card-initiated IBAN-based from 967.8 million in 2014. The number of such as MasterPass by MasterCard and Paylib ELV direct debits totalling €112.4 billion are no cards per capita was on average 1.53 in the by the French banks. Competition from non- longer included in the debit card total. EU28 countries and 1.63 in the E33 countries. card based alternative payment methods is also However, card holding varies significantly hotting up. Notable trends include: between countries, ranging from a low of 0.75 • The ‘Pays’ (Android Pay, Apple Pay and • By mid-2017, the Austrian electronic purse in Romania to a high of 3.77 in Luxembourg. Samsung Pay) continued their push of Quick will be phased out, leaving the German In 2015, 69.7 percent of all bank-issued cards mobile HCE NFC payment services across GeldKarte as the last active e-purse. were debit cards. the continent. • Almost all domestic debit card schemes have In 2015, there were 59.95 billion card • The interchange fee cap and payment started the roll-out of contactless cards. payments in the E33 countries, a growth rate application selection provision became of 11.5 percent. There were 98.4 payments effective on 9 December 2015 and 9 June CREDIT/DELAYED DEBIT CARDS per capita on average, ranging from 11.1 in 2016 respectively, changing the commercial Bulgaria and 13.3 in Greece to a high of 382.4 framework for many card programmes. In 2015, the total credit/delayed debit card base in Iceland and 373.6 in Norway. Additionally, grew by 12.5 million cards to 310.8 million, remote payments on the internet and payments DEBIT CARDS an increase of 4.2 percent on 2014. There initiated from mobile devices grew by more were 0.51 credit cards per capita on average than 10 and 20 percent respectively in 2015. In 2015, the region’s total debit card base across the E33 countries, although credit cards The value of card payments across the E33 grew by 19.0 million cards to 691.5 million, countries, such as Greece, Ireland, Turkey and countries grew by 10.8 percent up to €2,919.2 an increase of 2.8 percent, and CAGR of 3.0 the UK accounted for 127.4 million cards, 41.0 billion at the end of 2015, up by 45.5 percent on percent. There are around 1.13 debit cards percent of the total.

12 payments cards & mobile | January / February 2017 www.paymentscm.com cover story

There were 11.7 billion delayed debit/credit card period. In 2015, three countries – Greece, Spain percent on 2014. The UK credit card market payments in 2015. With a CAGR of 6.6 percent and Sweden – recorded a fall in the number of has essentially been flat for several years but growth over the last five years, credit/delayed payments on credit/delayed debit cards. began to grow again from 2009 and showed a debit card payments increased less than the The value of credit/delayed debit cards 9.9 percent year-on-year growth in 2015. The rate of debit cards, 8.1 percent over the same payments was €772.1 billion, a rise of 5.3 value of spending on credit/delayed debit cards

TABLE 1 - SELECTED REGIONAL CARD MARKET SUMMARY 2011-2015

2011 2012 2013 2014 2015 GR 14/15 CAGR 5Y Total cards in the European E33 countries (m) 902.7 926.0 951.0 967.8 991.4 2.44% 2.28% - thereof debit cards (m) 615.9 635.4 664.3 672.5 691.5 2.82% 3.03% Payment cards per capita (EU28) 1.45 1.47 1.50 1.51 1.53 1.32% 1.08% debit cards in % of cards total 68.2% 68.6% 69.9% 69.5% 69.7% 0.37% 0.73% Card Payments in the European E33 countries (m) 41,972.6 45,327.8 49,436.9 53,778.7 59,954.2 11.48% 9.26% Value of card payments in the E33 countries (€bn) 2,159.8 2,327.9 2,458.0 2,635.5 2,919.2 10.77% 7.79% ATV per card payment €51.46 €51.36 €49.72 €49.01 €48.69 -0.64% -1.34% Average payments per card per year 46.5 49.0 52.0 55.6 60.5 8.83% 6.83% Card payments per capita 75.1 81.8 81.6 88.4 98.4 11.25% 7.10%

- thereof debit card payments per capita 54.7 59.1 64.8 70.6 79.3 12.41% 11.37%

Note: Only 30.3% of all cards in the region are of type credit card and/or delayed debit card. Source: Yearbook Research (European E33 countries). © Fotolia, FIME © Fotolia,

Annonce 180x125.indd 1 25/01/2017 15:24 www.paymentscm.com payments cards & mobile | January / February 2017 13 cover story

fell in Spain and Sweden due to a change in Notable trends include: 10.7 withdrawals in Norway up to the high 44.0 statistical reporting. • 78.6 percent of all domestic POS payments withdrawals in Portugal. on cards in Europe are now EMV transactions, The total value of cash withdrawn grew Notable trends include: according to the ECB. overall by 6.3 percent in 2015, which was higher • Almost all the remaining domestic credit • The roll-out of contactless POS terminals than the compound annual growth rate of 3.5 card schemes have started the roll-out of continued and more tablet-based solutions percent between 2010 and 2015. contactless cards. were used in combination with mPOS terminals. A total of €1,775.7 billion was withdrawn from • The domestic interchange fee cap for delayed • Innovation at POS continued with various ATMs across in the region in 2015, with the ATV debit/credit consumer cards has helped to payment and loyalty applications based around per withdrawal being €128.13. The UK, France, stimulate credit card acceptance. QR-codes displayed, Bluetooth (BLE) and and Germany accounted for 50.2 percent of the beacon technologies. total of cash withdrawn by value, down from POS TERMINALS AND POS PAYMENTS 59.4 percent in 2005. ATMS AND CASH WITHDRAWALS In 2015, the POS terminal base grew across Notable trends include: the E33 countries by 3.7 percent to 13.33 The number of ATMs continued to grow • ATM terminals installed and cash withdrawals million (CAGR: 3.7 percent). The roll-out of slightly across the E33 countries covered in by number and by value continued to decline in contactless POS terminals and mPOS terminals the Yearbook, advancing to 458,134 ATMs (+0.1 many countries. has contributed to the stronger growth percent). Again, the growth rate in 2015 was • Contactless ATMs, card-less withdrawals from 2014. lower than the already low CAGR of 0.8 percent initiated using mobile banking apps, biometric The total number of POS payments was 55.7 over the last five years. The number of cash authentication and the extension of the ATM billion, up from 50.2 billion in 2014. There was withdrawals per ATM per month amounted to as a self-service channel both in-branch and an overall growth rate of 11.0 percent compared an average 2,520.8 withdrawals. outside of core banking hours are becoming to 2014, higher than the CAGR of 8.3 percent In Europe, there is a mid-term trend of more widespread. seen in the last five years. There were 91.4 POS declining ATM installations, due to bank payments per capita per year on average, with mergers and the higher use of cards at point THE EUROPEAN PAYMENT CARDS a statistical POS ATV of €48.07 across the of sale and for remote payments. In 2015, ATM YEARBOOK 2016-17 EU28 countries. Naturally the POS ATV varies density per one million capita showed a wide according to country and reflects national range from 278.3 in mature Finland to a high The latest edition of payment habits. At one end of the scale was 1,387 in Portugal. the European Payment Latvia with an ATV per POS payment of €15.5, The total of cash withdrawals by number Cards Yearbook 2016- and at the other was Greece with €77.4. across all the E33 countries covered in the 17 is based on end- POS payments per capita once again showed Yearbook showed an overall growth rate of 2015 payment industry a range from 8.7 POS payments in Bulgaria up 0.6 percent in 2015, which was lower than the figures. It reports the to an extremely high 393.6 POS payments in compound annual growth rate of 0.9 percent recent card market Iceland. The Nordic countries top the table of over the last five years. There were 13.86 developments and the payments at POS: Iceland, Norway, Sweden, billion cash withdrawals performed across latest card business Denmark, Finland; followed by the UK, Estonia, the E33 countries. In 2015, there were 22.7 trends. Rich statistical data is provided by the Netherlands, France and Belgium. withdrawals on cards per capita, ranging from country, including typical key performance

TABLE 2 - POS TERMINALS IN EUROPE

2011 2012 2013 2014 2015 GR 14/15 CAGR 5Y POS Terminals (000s) 11,584.9 11,762.8 11,797.7 12,845.1 13,326.9 3.75% 3.69% Ø Number of TXs per POS per month 294.0 314.0 336.0 325.7 348.4 6.99% 4.48% POS Payments (m) 40,872.3 44,320.6 47,564.2 50,198.8 55,722.4 11.00% 8.33% Value of POS Payments (€bn) 2,102.5 2,291.0 2,360.9 2,470.6 2,678.7 8.42% 6.83% ATV per POS Payment €51.44 €51.69 €49.64 €49.22 €48.07 -2.33% -1.38% POS Payments per capita per year 68.2 73.7 78.9 82.9 91.4 10.35% 7.97% POS Terminals per 1 million capita 19,411.7 19,628.3 19,575.5 21,204.0 21,869.3 3.14% 3.26% - thereof in EU28 per 1 million capita 17,949.4 18,398.1 17,827.4 20,624.4 21,893.2 6.15% 4.74% Note: figures are for payments on cards at POS terminals made with domestic cards and with cards issued abroad. Source: Yearbook Research (E33 countries).

14 payments cards & mobile | January / February 2017 www.paymentscm.com cover story

indicators to document the growth of cards wallets and mobile payments initiatives profiles and from the European Overview in issue and the growth of transactions by by country are also included, along with section of the European Payment Cards number and by value. notable trends. Yearbook 2016-17. Further information on leading issuers, acquirers and processors, on cards and Note: This article is compiled using detailed For more information visit: remote payments via the internet, digital information adapted from individual country www.paymentcardyearbooks.com

TABLE 3 - ATMS IN EUROPE

2011 2012 2013 2014 2015 GR 14/15 CAGR 5Y ATM Terminals 446,934 450,445 452,110 457,544 458,134 0.13% 0.84% Ø Number of TXs per ATM per month 2,518.0 2,529.8 2,532.9 2,508.4 2,520.8 0.50% 0.08% ATM cash withdrawals (m) 13,504.7 13,674.5 13,742.0 13,772.2 13,858.4 0.63% 0.92% Value of ATM cash withdrawals (€bn) 1,537.3 1,597.3 1,613.3 1,670.6 1,775.7 6.29% 3.49% ATV per ATM cash withdrawal €113.83 €116.81 €117.40 €121.31 €128.13 5.63% 2.54% ATM cash withdrawals per capita per year 22.5 22.7 22.7 22.6 22.7 0.42% 0.61% ATMs per 1 million capita 743.0 747.4 746.3 752.4 751.8 -0.08% 0.42% ATMs in EU27/28 per 1 million capita 873.8 868.4 857.5 894.2 878.7 -1.74% 0.29%

Source: Yearbook Research (E33 countries).

www.paymentscm.com payments cards & mobile | January / February 2017 15 cybercrime

CYBER HEISTS AND THE CYBER SECURITY FIGHT BACK

by Joyrene Thomas

2016 was the year when cybercrime reached record levels with a $81 million cyber heist on the Bangladesh central bank, and an unprecedented number of ATM attacks and data security breaches. We look back on the top cyber security threats of last year and how this may play out in 2017.

Individual bank customers may still represent used the SWIFT credentials of legitimate Change is often shaped by technology, how a lucrative long tail of phishing, ransomware organisations, which they tricked people into technology is used or a combination of the two. and fake anti-virus victims. But criminals have giving them, to steal from banks. “There have This is as true in the cybercrime/security arms changed focus and gone old-school. They have been a couple of further attacks since then. race as it is for innovation within any industry gone back to robbing banks. As with most of us, if something works, we sector. For example, computer viruses, worms “Criminals are going for the big money — tend to repeat it. Criminals seem to have been and so on have been around for years. They the places where billions of dollars are being getting some traction, so they will keep doing pre-dated the first use of the term ‘malware’ transferred, rather than going for the petty that as long as it proves to be lucrative and they cash,” says Itay Yanovski, co-founder and get a return on investment,” says David Emm, senior vice president of strategy at Israeli cyber principal security researcher at Kaspersky Lab. “A lot of providers security firm Cyberint. The hacks have gone These attacks illustrate the changing are being integrated high-tech. Bank robberies have been re-booted threatscape. The idea of the lone, opportunist for the digital age. thief or hobby hacker out for fun or misadventure into the banking disappeared with the filmWargames in the mid- THE SHAPE OF THINGS TO COME 1980s. Cybercrime is now serious, organised ecosystem, and crime perpetrated by international crime rings. this is a source of Attacks are taking several forms. Firstly, Their structures resemble well-run multi- attacks on banks and bank networks. Secondly, nationals. Their operatives are highly skilled, vulnerability.” attacks on ATMs, which range from brute resourced and motivated to monetise their force physical attacks to skimming and crimes on an industrial scale. Itay Yanovski, Cyberint digital hacks. Finally, hijacking or mis-using Criminals are hacking banks but also how interbank systems. banks operate. They recce bank staff, use social (malicious software) in 1990. The initial uses The central bank of Bangladesh suffered a media and strike via the supply chain or extended of malware were mainly vandalism or mischief high-profile $81 million cyber heist in February enterprise. Vulnerability to this last attack vector with no pay-out. Yet nowadays almost all 2016. This was not so much an attack on is only set to increase as banks become more malware has been weaponised for theft. We the SWIFT interbank network itself. Criminals digital and integrate more third party providers. are on the cusp of a similar change around

16 payments cards & mobile | January / February 2017 www.paymentscm.com cybercrime

“The biggest FIGHTING AN ASYMMETRIC WAR? him, banks need to reach beyond the perimeters of their own networks. “Banks need to extend vulnerability in In cyber security circles, there is much talk their defence capabilities both in terms of of a so-called ‘asymmetric war’ between depth and breadth. They need to be able to systems ten years cyber attackers and cyber defenders. The respond to the threat rather than to the incident, ago and now is bad guys are getting better quicker than the and extend their defence reach beyond the good guys. They co-operate better. They do perimeter. Beyond their own systems to the individuals. We’re not have to quality assure anything in depth digital environment where partners, suppliers, a lot better at before releasing it into the wild. Or justify customers and threat actors are active.” changes through endless approval boards or Elad Ben-Meir, vice president, marketing patching systems committees. They are the epitome of agile with at Cyberint picks up the theme of threat an in-built ‘fail faster’ attitude. So, what can be intelligence with some practical examples. than patching done in the face of such attacks and attackers? people.” A bank’s technical controls have to be equal to the threat. This is particularly around “It is asymmetric, integrity checking, anti-exploit capabilities David Emm, Kaspersky Lab but I don’t think it and authentication. Such controls need to the Internet of Things (IoT) and how this be deployed for internal as well as external necessarily means technology can be used or mis-used. systems. Yanovski feels that we will see more Around 6.4 billion physical objects worldwide solutions and capabilities being developed that the attackers were connected via the IoT in 2016, which and implemented in this area. “Having always have an is expected to rise to 20.8 billion by 2020, said that, I think that banks have come to according to Gartner. “More and more realise something even more important. Our edge.” areas of our lives are becoming connected, assumption as cyber security professionals is but what it means is that we offer a much not that you can prevent attacks technically. It’s David Emm, Kaspersky Lab bigger attack surface to anyone looking to a question of when, not if.” attack computerised devices,” says Emm. This echoes comments from a former FBI “You’ve got to think like a hacker and try to take Criminals will go after devices that have director, Robert Mueller, back in 2012. He is on the steps of your adversaries to identify any not traditionally been computers and thus record as saying there were only two types of potential threats and mitigate them before they where computer security has not been top companies: those that had been hacked and become incidents.” This involves being part of of mind for developers or users, for example those that would be. Even that was merging into the community, or at least having an insight CCTV cameras, smart electricity meters and one category: those that had been hacked and into it, to monitor the trends and potential baby monitors. would be again. If being breached and living attack vectors. “The whole threat intelligence- “We’ve seen a couple of attacks in recent in breach mode is the new normal, it is time to led approach, where you understand the months, manipulating IoT devices because look at the asymmetric war anew. It is time to intelligence first and then react to that allows of weak or default credentials,” explains re-think the cyber security fight back. you to be far more proactive in your defences,” Emm. If manufacturers ship devices with “Until quite recently, most organisations he says. passwords that are the same in every when they were thinking about cyber defence Another approach is to test your defences device, criminals can use tools to search were protecting the perimeter. They were based on known threats. “If you know that out vulnerable devices and then marshal trying to block attacks from getting into the someone is attacking you through social them to launch distributed denial of service organisation,” explains Emm. Given the focus engineering on your HR department, then (DDoS) attacks. This overwhelms specific IP of cyber criminals and the sophistication of simulate an attack on those staff. Measure addresses or web services with fake traffic attacks, it may better to move from prevention their awareness,” says Ben-Meir. These are to knock them offline. Security blogger Brian to resilience. “It’s safer to work on the basis that the controls already in place. If they are good Krebs found this out to his cost in September [criminals] might breach those defences, and enough to stop a specific known attack, this 2016 when his website was targeted in if they do, look at what you can do to mitigate will go some way to balancing the asymmetric one of the biggest DDoS attacks recorded, that risk.” This involves building up detection, ratios between attackers and defenders. registering 620 gigabits of data a second response and recovery controls, in addition to at its peak. preventative controls. For example, reducing IN SUMMARY Attacks on interbank systems and via the IoT the exposure of intellectual property, personal came onto the radar in 2016. They were not the customer or partner data, improving incident The use of zero-day exploits and advanced first attacks of their kind, nor will they be the response and operational resilience. persistent threats to hack into organisations last, yet they offer a definite indication of the Yanovski also talks about defence beyond make for great news headlines. Undoubtedly, shape of things to come. the perimeter, but in a slightly different way. For some attacks are highly sophisticated, www.paymentscm.com payments cards & mobile | January / February 2017 17 cybercrime

meticulously planned and use custom-written a good example. Bogus instructions to transfer supply chain or extended malware. Sometimes, however, the reality is funds is estimated to have affected 12,000 enterprise. And shift much more mundane and low-tech. Why go businesses worldwide at a cost of more than the mindset from risk to the trouble of hacking into an organisation $2 billion in the last two years, according to the prevention to risk resilience. — past firewalls, intrusion detection systems FBI. Phishing also continues to be a delivery In a technology-based industry such as and layers of encryption — when it is easier to mechanism for malware and ransomware payments, it is easy to over-emphasise hack a human? into businesses. technology and de-emphasise processes “You’ll find that probably the biggest There are no silver bullets in the fight against and people in a layered security approach. vulnerability in systems ten years ago and now is cybercrime — there never are with security. Just as humans may be the most exploitable individuals. We’re a lot better at patching systems Broad themes to consider when devising an link to criminals, they are frequently also than patching people,” says Emm. Criminals are appropriate cyber security response are for an organisation’s best frontline asset in the using the same attack vectors effective with organisations to trust less in their own networks fight against cybercrime. A winning cyber humans off duty on humans at work. CEO scams and data. Collaborate more and demand more security approach must include technology, as a form of phishing or social engineering are from vendors. Manage risk better within the process — and people.

GLOSSARY OF CYBERCRIME TERMS

Advanced persistent threat (APT) Malware The general term for malicious software, including viruses, worms, Unauthorised access to a network which remains undetected for a Trojan horses and spyware. Malware can take the form of executable long period. The initial attack usually uses sophisticated techniques code, scripts, active content and other software. Its purpose has and thereafter steadily exfiltrates data or gathers intelligence on the changed from experimental pranks to theft of personal, financial or organisation targeted. other monetisable data for monetary gain.

ATM jackpotting Patches

The general term for emptying an ATM of cash, usually through a Patches are software add-ons designed to fix software bugs, logical rather than a physical attack. Many such attacks involve including security in operating systems or applications. Patching deploying malware to gain control over ATMs, which are then against new security vulnerabilities is crucial to protecting against remotely triggered to dispense cash to a waiting money mule. malware. Every organisation should implement a robust patching regime to ensure the security of its applications, end points and Botnet network is up-to-date.

A robot network of compromised ‘zombie’ computers (often home PCs whose security has been breached), which functions as a Ransomware distributed, scalable computing network. A botnet can be monetised Ransomware locks computers or encrypts files and demands money to send spam e-mail, distribute malware or conduct activities where from victims to regain access to their devices or data. Ransomware considerable computing power is an advantage, such as DDoS is typically installed when a user clicks on a malicious link, opens attacks, click fraud or Bitcoin mining. a file in an e-mail that installs malware, or via a so-called ‘dive-by’ download when the user visits an infected website. Distributed denial of service (DDoS)

Evolving from ‘stresser’ sites designed by gamers to slow other Zero-day players down, DDoS attacks are back and more powerful than A computer software vulnerability that has yet to be publicly ever. New variants marshal IoT devices, such as smart TVs and announced or reported before becoming active. This means children’s toys, to overwhelm target sites with fake traffic and knock software vendors have zero days in which to create patches or work- them offline. arounds to mitigate any malicious effects.

18 payments cards & mobile | January / February 2017 www.paymentscm.com ADVERTORIAL b1nk

BORN DIGITAL IN 9 MONTHS: A STORY OF B1NK AND OPENWAY One of my friends once told me that if you cannot solve a problem with money, it does not necessarily mean that you must invest more. As an example, pregnancy is one of those things where paying more money won’t deliver a baby before nine months. This analogy can just as easily be applied to digital banking, and unfortunately most digital banking projects take much longer than nine months.

When it comes to updating or replacing legacy an important project quickly, the challenges can The first approach is to believe that a killer app platforms or implementing new solutions seem insurmountable. can solve all the digital problems. This method which underpin digital banking processes, Looking at the digital banking market today, seems easy but some market players criticise the the challenges involved can seem daunting to there are two different approaches to meeting concept, even in relation to good and expensive address, even when banks have big budgets at the challenges of offering a technology platform apps which could deliver a digital banking project. their disposal. And if a bank needs to deliver such fit for the 21st century. What can the app really achieve for the client if the www.openwaygroup.com b1nk

client does not have the digital products, services and workflow behind it? Especially if there are still manual or paper-based processes involved, or when there is no end-to-end online process in place? The second approach involves a full-scale implementation of digital business processes and technology completely from scratch. This second option may seem more efficient, but it comes with significant expense and risk, and involves a complete change in mindset. Is there another approach? Let’s take the default view that the digital banking project is an expensive, time-consuming and risky initiative. Looking at the market, most digital banking projects have considerable cost in terms of time and money, with expenditure often running into millions. Many such projects often take years to complete, running the risk that the market could outpace the project before it is even launched. Do we have an alternative? At OpenWay, we want to show you a project which illustrates this new approach for banking digitalisation. Working with Capital Bank of Kazakhstan, it took just nine months to build a digital banking platform completely from scratch, including a wide range of services. What’s more, it was delivered with an exceptionally low budget. When OpenWay started its discussion with Capital Bank in October 2014, the bank needed a platform to launch its digital business by April 2015 and be fully digitally enabled by July of the same year. The bank wanted all of its products and services completely digitalised and online, and with automated workflows. Without a physical branch network to consider, the bank’s objective was to be as customer-centric as much as possible, with most services provided via mobile, web and social networks, including customer and product on-boarding and cross-sales. The advantage that OpenWay had over its competitors in the market was our vast However, the digital banking project with Capital Capital Bank in just nine months. This included experience in implementing various digital Bank was a unique opportunity for OpenWay, WAY4-based financial product and service payment projects for tier-1 giants like SIX where the team could combine the functionality management, risk management, GL, switching, Payment Services, Equens, Nets, Sberbank of of its top-ranked* WAY4 digital payment platform clearing and settlement, mobile and web banking. Russia and ACB in Vietnam, as well as for and brand-new WAY4 omni-channel system, Afterwards, WAY4 digital wallet and WAY4 ambitious financial start-ups in Europe, Asia, alongside its digital service expertise and agile messenger banking were launched, making the Africa and Americas. OpenWay’s WAY4 digital approach. This was an ideal combination, bank a pioneer in digital and conversational payments platform has handled portfolios within enabling the client to realise its goals as banking – with the goal to give an exceptional a single implementation ranging from 50,000 envisioned. This is a story about how new retail customer experience, engage more customers, accounts to 180 million accounts, 500,000 banking brand – B1NK – was born. enlarge the number of value-added payment mobile merchants and around 20 million As a result, OpenWay managed to implement services, and optimise customer service costs. transactions a day. the digital banking technology platform for With the WAY4 omni-channel system already www.openwaygroup.com b1nk

in place, the bank started its PR campaign four fintech start-ups. It helped the bank to launch and team to develop its unique services and design. months after the project started and attracted validate new business concepts quickly on a low Beyond that, OpenWay provided Capital Bank around 50,000 clients in the first few months. budget, and to scale up the successful business with a unique customer experience, design and The key element for the project was the concepts quickly to high volumes. UX concept. The interface is not difficult to learn technology supporting all of the digital business Another key differentiator of the WAY4 to use as it is natural and intuitive, seeing as it is processes. The agile delivery approach and technology is the consumer experience concept. formulated from the customer point of view. open banking functionality of WAY4 gave the It was important to have an interface that could One of the illustrative examples could be the bank the opportunity to organise not only the be used by those consumers familiar with typical up-sell approach used by the WAY4 channels: the internal processes of the bank on a new level, banking language, but also an interface that at bank’s clients can see their personal interactive but also establish a digital banking ecosystem the same time was user-friendly and speaks offers from the bank and its partners, formulated involving business and technology partners such the language of social network apps. The WAY4 in the customer language (e.g. “I want a new car” as merchants, service providers, vendors and solution included the API which allowed the bank or the most popular option “I want to be

www.openwaygroup.com b1nk

happy”) which provide immediate enrolment for and Capital Bank started with technology and the products and services through the app and its continued with creativity. The whole project was back-office digital processes. organised with agility and speed to market in But cooperation between the bank and the mind, so all the team members of both the vendor vendor have not been limited in any way by the and the bank had the same context, working technological scope. Working together on omni- closely with each other and sharing the same channel implementation, OpenWay created a understanding of the project from A to Z. The completely new brand for the digital bank – other crucial factor was the chemistry between B1NK is the first digital bank in the country. the teams, and the combined ambition to become B1NK’s main target market is the audience of a pioneer in the digital banking space. people aged 25 to 45, with a motto of “the bank Based on the experience of this extremely that is easy as jeans and a convenient as a fast digital banking implementation, OpenWay companies – a unique opportunity to become smartphone”. B1NK addresses the need of these has continued to launch digital banking projects digital faster and with minimum risk, compete on consumers for simple and convenient banking, for its clients who have their classical banking value-added services and efficiency, and innovate not only for the new generation but also for businesses but want to build digital banking quickly. mature people who communicate through social within an integrated model or as a separate networks with help of OK Google and Alexa, or business. The WAY4 platform is open and attuned * OpenWay was ranked as a Market Leader who use apps like Uber for city trips, Zova for for online and high-volume digital services, in the category of Card and Merchant fitness, Vivino for vine shopping, or Rome2Rio for flexible product management and the omni- Management by Gartner since 2009 and Ovum travelling. These consumers typically do service channel concept. These elements, combined with in 2015-2016 and in the category of White- enrolment, purchases and payments online, use speed to market, means that budgets for projects Label Digital Wallets by Ovum in 2016-2017. various payment methods and do not want to are significantly lower when compared with wait for service. alternatives. This gives OpenWay clients – banks, To download the reports please visit us at It’s no surprise that the teams of OpenWay payment processors, telcos, oil and e-commerce www.openwaygroup.com artificial intelligence

THE RISE OF THE MACHINES

by Joyrene Thomas

Move over Big Data. There are two new buzz words in town: ‘artificial intelligence’ and ‘machine learning’. The claims being made for these technologies are just as significant, if not more so than those made for Big Data three to five years ago. So, how widespread is the use of artificial intelligence today? And what are the implications for the payments industry?

The rise of powerful artificial intelligence networks or connectionism. Additionally, will either be the best or the worst thing evolutionary programming, cellular automata Many claims are ever to happen to humanity, according to and dynamical systems. ‘artificial’ artificial Professor Stephen Hawking. Meanwhile the chief executives of Microsoft and Google have OK COMPUTER intelligence — said that the technology will change not only computing but every industry and business Many claims around AI are definitely artificial. automation or process. Artificial intelligence is trending high AI is used to mean automation or ‘doing things in the hype cycle. It seems as though every with data’. Sometimes even the automation ‘doing things company has a product claiming to have is artificial. A human or manual process is with data’. artificial intelligence built in, but that is not masquerading behind the computer facade. quite how it works. “There’s almost nobody in the world actually similarities with what we are calling artificial Artificial intelligence, or AI, is essentially doing artificial intelligence — only very few intelligence. I think that ‘machine learning’ is a making computers do what minds do. people,” says Martin Sweeney, co-founder and much more accurate description of what people The term was originally coined in 1956 by CEO of fraud prevention firm Ravelin. Some are actually doing, which is to say statistics John McCarthy, an American computer of the deep learning aspects of Deep Mind, with reinforcement.” and cognitive scientist, to name what had which is Google’s technology, and some of A company could take a simple pass through previously been called ‘computer simulation’. what Facebook and Amazon are doing could a data set to determine what makes customers As an academic discipline, AI encompasses be classified as AI. “What you are seeing is good or bad. This is supervised, feature various technological and scientific areas. In the domination of artificial intelligence among extraction-driven statistics. “The machine her book AI: Its Nature and Future, Margaret one or two big players, who are hoovering learning part comes when the world changes Boden divides AI into five major types, each up talent from academia. No-one else can and I need to re-think my strategy. This is about including many variations. For completeness, afford this. Actually, not many people need to,” taking your data feed and re-generating your these are classical or symbolic AI. This is continues Sweeney. models as quickly as possible to re-encapsulate sometimes charmingly known as GOFAI (good “You still get fantastic results using more your understanding of the problem you are old-fashioned AI). Secondly, artificial neural conventional technologies with very many solving,” says Sweeney. www.paymentscm.com payments cards & mobile | January / February 2017 23 artificial intelligence

LESS SCOPE, MORE SPEED combination of both, numerous other markets why transactions have been declined. This are also exploring or implementing real-time is their number one resource to optimise the Computers are intelligent — at least they can payments. The payments industry crossed the system, and see future trends that may not be programmed to be. There are a couple of rubicon long ago. Machine learning is part of even be in the data. These humans are hired caveats, though. The intelligence is niche, and the present and will be part of the future. sometimes the methods used are very unlike human minds — and perhaps all the better for it. BEYOND THE BLACK BOX It may seem “One of the criticisms of the term [artificial intelligence] is that it made people think that Users and suppliers of machine learning counterintuitive what was going on behind was that computers technology will have to grapple with various would act as intelligently as a human being. questions, some of which are not new. One of but having less That is still far down the road,” says Dr Ulrich these is causation. Humans like to make sense information can Dorndorf, chief technology officer at advanced of the world through causal links. We like to optimisation software company INFORM. believe that every effect has a cause and vice lead to better “When computers are intelligent, it works versa. So, how do we explain the workings of well when they are intelligent in certain niche machines to humans? predictions. areas. We have taught computers to play There are techniques in artificial intelligence chess and they are successful to the degree and machine learning that are more prone to be to want to know why.” However, the ultimate that no human can now compete with any understood by humans, explains Dorndorf from customer in front of the ATM or POS device of the good chess programmes, but it’s a INFORM. For example, with rule-based systems does not necessarily want to know why the niche intelligence.” where experts represent their knowledge in transaction failed. While declines are annoying, The practical applications have come by the form of rules, system operators can look typically customers just take out another harnessing this niche intelligence. Also by up which rules led to a conclusion. Conversely payment method, and do not ask their bank for programming computers to think and learn there are techniques that will essentially remain an explanation. differently, rather than replicate how humans a ‘black box’, at least for the moment. “Neural would perform the task. The pattern recognition networks are an example of a ‘black box’ CUT ON THE BIAS aspects of machine learning are widespread approach. People and scientists recognise that and already part of our lives. It helps Google they work quite well in certain areas, but even The extent to which machines can be biased is serve adverts on websites, depending on what from a scientific point-of-view the question an old issue in machine learning. Psychologists the user has looked at in the past. It is part of is still open why this is so,” says Dorndorf. have found that humans often tend to prefer e-mail spam filters. Naturally, it is also used by Naturally, it is possible to layer the various simpler models for explaining things in the banks in transaction monitoring, credit scoring technologies. “We find that our customers, as world. Based on these simple models, they and risk management. users of the technology that we deliver, prefer then generalise and draw conclusions for Machine learning techniques enable approaches where the logic does not remain a other situations that are new to them. Similarly, companies to analyse huge amounts of data completely ‘black box’.” simpler statistical models often have a high — and to do so quickly. “To pinpoint fraud in Hochmuth makes an important distinction bias, which enables them to generalise better. real-time, you have to adapt to constantly between humans in the discussion about The aim of a statistical model is not to most new patterns. That’s the main complexity: too causation. “The human specialists in the bank accurately predict outcomes for those in the much data has to be combined that it is close are very much interested in understanding sample. It is to achieve the best predictions to impossible for humans to react in the time for those outside the sample. By adding more period needed,” explains Konrad Hochmuth, and more predictor variables, the modeller strategic business developer, INFORM. “It works is adding information. However, it may be Whereas in the past a bank may have had the very information, enabling them to more two-three days to cross-check a payment, well when accurately predict aspects about the existing real-time payments are typically on the sample, or even peculiar to the sample. These beneficiary’s account within ten seconds. Real- computers are are not aspects which apply more generally to time payments is driving real-time decisioning. the population. It may seem counterintuitive The regulators are in turn driving the banks intelligent in that having less information can lead to better in this direction. The European Central Bank predictions. Yet simpler models avoid the is expecting “at least one instant payment certain niche problem of ‘overfitting’, where they follow the solution in euro” to be available “to all payment learning data too closely, and perform poorly service providers in Europe” towards the end of areas.” when confronted with new situations. 2017, according to its website. Irrespective of “From a human language point-of-view, bias whether it is regulator-pull, customer-push or a Dr Ulrich Dorndorf, INFORM always has a notion of being prejudiced and

24 payments cards & mobile | January / February 2017 www.paymentscm.com artificial intelligence

thus it is something you would want to avoid,” Nick Bostrom, founding director of Oxford ones which cannot easily be replicated by says Dorndorf. “Algorithms per se I don’t think University’s Future of Humanity Institute, machines. Cathy Davidson, co-director of the can be biased. But algorithms are something believes that machines will replicate and annual MacArthur Foundation Digital Media that is invented by humans. Human decisions surpass the intelligence that gives humans and Learning Competitions, claims that 65 about data that you feed into algorithms and their dominance within our lifetime. Certainly percent of children will do jobs that do not about the design of algorithms are, of course, within the lifetime of our children. Therefore exist today. subject to human bias.” AI will have a broad impact on humanity and, Machines will get smarter, so will humans. The issues around causation and bias are a to Professor Hawking’s point, we do not know Yet the smart future will be powered by data. moot point. End customers may not be asking exactly how. Technology is morally neutral, so This really is the new oil on which the modern right now why their transaction has been we cannot guarantee that only the good guys economy will run. This is not lost on European declined. But how long will it be before they are will have AI or build it. As to the technology regulators. They are planning the biggest asking why they have been refused service? itself, how can we be sure that its intentions shake-up of data protection legislation in two Why are they being charged higher prices? are good? Will there be an off button to ensure decades. Leaving aside whether the regulation And is this fair? One party keeping a watching that AI does not circumvent human control? anticipates the future or is playing catch-up brief on the use of algorithmic decisioning The technology giants, including Amazon, on present practices, the EU General Data is the regulator. This is to ensure groups of Facebook, Google, IBM and Microsoft, have Protection Regulation (GDPR) is already casting customers are not being unfairly penalised. set up a body to conduct research into ethical its shadow forward. Also, that companies are handling personal questions about how AI affects humanity. It The regulation facilitates opportunities for data appropriately. is known by the slightly Orwellian name of the data use and data sharing. However, it also The UK Financial Conduct Authority stopped Partnership on Artificial Intelligence to Benefit penalises the mis-use or loss of data with short of launching a full inquiry into the use of People and Society, or PAIBPS for short. fines of up to €20 million or four percent of Big Data in the insurance industry in September Just as machines will get smarter, so will global annual turnover. The regulation also 2016. But the watchdog warned insurers humans. They will understand the technology includes provisions on the clear and affirmative that they must comply with data protection better and incorporate it more into day-to- consent to the processing of personal data, regulations and privacy rules when using data day business processes. With regard to the clearer language around privacy policies, from social media data or aggregator sites. payments industry in particular, as Hochmuth the right to be forgotten, data portability Facebook also waded into the debate about from INFORM maintains, there is a “huge and breach notification. the use of social media in the insurance opportunity to combine conventional decision- Attitudes to data at an individual and societal industry last year. It blocked UK car insurer, making strategies, human expertise and level will be fundamental to a smarter future. Admiral, from using posts on its site to make machine learning to improve processes.” A cultural shift in the way we regard data, decisions about pricing. Admiral had hoped Machine learning will create a ripple effect create trust and build business cases that the language used in Facebook posts as with all innovation. It will be a technology is already underway. The machines would provide clues about driving style. that enables a new raft of business cases and are rising, but the future will Understanding and being able to explain industries, including some we cannot possibly be determined by data and the workings of machines, whether to improve think of at present. human attitudes. decisioning or avoid the perception of The future may be happening faster than we unfairness, will be seminal to increasing the expect. Self-driving cars are a good example. uptake of machine learning techniques both Who would have thought that they would within the payments industry and beyond. be on the road ten years ago? If machines can think, learn and communicate with other A SMARTER FUTURE? machines, how soon before they replace humans altogether? This dystopian view of Advances in artificial intelligence and machine the relationship between man and machines learning have been driven in part by cheap is not new. Nor is the discussion about access to computing power. Microsoft, Google, machines in the workplace. Perhaps it Facebook et al are good at artificial intelligence, is as US physicist Arno Penzias said. partly because they have large swathes If you don’t want to be replaced by a of computers to put behind the task. The machine, don’t try to act like one. machines will get smarter. The falling cost of As much as machine automation computer power and data storage, increasing may make humans redundant, availability of data and advancements in there are also opportunities. AI techniques almost guarantee this. The The future will involve new production of models and calculation of results jobs that have yet to be will become much better, quicker and cheaper. created, as well as old www.paymentscm.com payments cards & mobile | January / February 2017 25 issuing & acquiring IN ASSOCIATION WITH

PREPAID CARDS: OPENING UP A NEW WORLD OF POSSIBILITIES

Prepaid cards are witnessing a fast rise in vital to put these needs at the heart of any product other existing programmes. The case for popularity, with the global market expected to offering while ensuring consumers have the this is particularly strong in the retail sector, grow to $535 billion by 2020, according to best possible experience every time they make where prepaid card programmes can be Euromonitor International Consulting Group. a payment. Prepaid cards can meet these needs bundled with loyalty programmes to help What was once seen predominantly as a tool and are a much better alternative to cash. drive loyalty and revenue, and simultaneously for promoting financial inclusion among the For travel enthusiasts, exchange rates can decrease the operating costs associated with unbanked and underbanked population, has now be locked in at the time of loading money onto handling cash. evolved to a payment method that delivers a prepaid card, so cardholders can choose to Beyond this, we are also seeing an emergence convenience and security to consumers buy currency at the most fortuitous moment and of prepaid products across non-traditional across a wide range of sectors, writes make their money go further whilst travelling sectors and audiences: music festivals, for Graham Perry, president, Mastercard prepaid abroad. Prepaid travel cards can also be used to example, have been debuting dedicated prepaid management services. spread the load, enabling travellers to distribute cards to simplify the payment experience Increasingly savvy holidaymakers, for example, their travel money across multiple currency at events and help festival goers keep their are constantly on the look-out for the best deals options. To control budget, prepaid cards can be money safe from theft or loss. Of course, from to manage their money and take the stress loaded only up to the amount the consumer is a consumer perspective, a prepaid card will also out of travelling. The increased security and willing to spend during their trip. allow attendees to better manage their spending convenience of travelling with a prepaid card The convenience and practicality offered by while at the event. certainly caters to this need. The advantages of prepaid cards, coupled with their safety and There has also been a spike in usage by prepaid cards go far wider than this and include security, mean prepaid products are gaining local government as they seek agile prepaid the potential for worldwide acceptance and popularity across multiple other industries card programs to better serve the needs of the budgeting benefits, both of which are highly including retail, finance and airlines. payment needs of their citizens in a way that goes valued by consumers. Heightened awareness of fraud and data beyond financial inclusion. RTi Research demonstrates 77 percent of breach threats have encouraged consumers to cardholders are extremely concerned by false proactively manage their own fraud risk. Due to PARTNERING TO WIN declines when travelling. Meanwhile budgeting the nature of how prepaid cards work, they are an has become ever more important since the global attractive option. If a prepaid card is lost or stolen, Though opportunities are plenty, navigating economic crisis and the conservative spending as there is no link to a user’s bank account, there the prepaid payments environment requires behaviour that has followed. is no risk of fraudsters accessing any further investment, market and industry knowledge, and It comes as no surprise that as a result of the funds. And, as a further precaution, prepaid payment expertise. As such, for those looking value prepaid cards have already delivered to the cards can even be blocked remotely to put an to capitalise on the opportunity, forging solid travel industry, we are seeing their usage spread immediate freeze on any unwanted transaction partnerships with industry experts is crucial and to other areas of consumer life. activity. This offers consumers peace of mind must not be overlooked. and ensures the delivery of a frictionless service Working with an established provider that IMPROVING THE CUSTOMER EXPERIENCE as they go about their daily lives. can manage the programme from end to end, while offering world-class security, reliability, Today’s consumers demand choice, speed, NEW PAYMENT POSSIBILITIES convenience and innovation, will help ensure convenience, flexibility, control and, above all, delivery of an enhanced customer experience, peace of mind that their money is safe and secure. Aside from increased safety and security, and offer the best chance of success in opening To compete effectively in this environment, it is prepaid cards can also easily integrate into up a new world of financial posibilities.

THE FUTURE OF PREPAID Source: Capgemini Analysis THE GROWTH OF PREPAID The global transaction volume of open-loop prepaid carrds have grown more than 20% 16.9 during the pasy 5 years 13.9 11.4 9.4 7.7 6.4

2009 2010 2011 2012 2013 2014

Source: The Boston Consulting Group

26 payments cards & mobile | January / February 2017 www.paymentscm.com 2016-17 EDITION Payment Cards Statistical Yearbooks Stay one step ahead with deep industry information and a wealth of statistics from central banks, interbank companies and associations and individual banks.

In order to respond to the changing and new payment industry markets, the 2016-17 edition Yearbooks have been enhanced by adding:

• More issuer information – issued brands by issuer • More acquirer information – acceptance brands by acquirer • More on contactless cards and digital wallets • More e-/m-commerce information, e-payments mix and statistics • More on notable mobile payments initiatives • More on basic fraud trends and statistics • Mobile merchants and MPOS terminals • Notable market trends – battlefields in the payment industry

European Payment Cards Yearbook and Eurasian Payment Cards Yearbook 2016–17 are available as a complete volumes or as individual country profiles.

To place an order, for further details, to view full synopsis or download a sample country report visit: www.paymentyearbooks.com THE GROWTH OF PREPAID 10% Discount Order online using discount code CFORI074VJYN

PAYMENTS INDUSTRY INTELLIGENCE www.paymentyearbooks.com www.paymentscm.com payments cards & mobile | January / February 2017 27 PaymentsCARDS & MOBILE issuing & acquiring IN ASSOCIATION WITH

COMBATTING THE TRADE IN CHILD ABUSE MATERIAL ONLINE

The internet comes with unintended consequences, including the ease with which it can be mis-used for the commercial sexual exploitation of children. Payment platforms are also being mis-used to monetise this trade. We examine the criminal modus operandi and offer advice on how to avoid acquiring such transactions.

The sale and purchase of online child abuse transfers, SMS and premium rate calls, and material is a persistent and growing problem. Bitcoin, Smith explains. The Internet Watch Foundation (IWF), the online The card schemes do not permit their brands child sexual abuse charity, identified 68,092 to be used for transactions for child abuse webpages of such imagery in the year to April material. This outright prohibition is a rare 2015, a 417 percent increase over two years. instance of where scheme rules are stricter than local law, which may be silent on what CRIMINAL MODUS OPERANDI constitutes child abuse or the age of consent. Furthermore, although acquiring transactions “The trade in child sexual abuse imagery is from some merchant groups may depend on very dynamic,” explains Sarah Smith, technical acquirer risk appetite, there is no such latitude researcher, IWF. “Websites are sometimes only around child abuse material. online for very short periods, before they close The unscrupulous circumvent controls and re-emerge on different services. This is by laundering transactions, using mirror a fast-moving crime.” Some of the trade is or shell websites, load balancing, acquirer conducted on the Darknet, a part of the internet hopping or simply mis-coding transactions. not indexed on traditional search engines. Transaction laundering is when a known, However, criminals also use the open web registered merchant knowingly or unknowingly by means of disguised websites, cookies and processes transactions on behalf of another cyberlockers. Websites may only show illegal business, which is unknown to the acquirer or imagery when they are accessed through a underwriting entity. Acquirers and processors digital pathway of links. “Websites provide may be processing anywhere from six to ten different content depending on the kind of percent more merchants than they are aware cookie you are utilising in your browser,” of, according to industry sources. acceptance risks. These are the risks the explains Christian Chmiel, CEO, Web Shield, Then there is the trade in shell merchants underwriting entity incurs if their merchants a risk management company. “If someone and websites. “There are service providers sell goods or services that are illegal, restricted, from law enforcement or the acquirer goes that create websites, deliver an incorporated brand-damaging or prohibited by the card to that website, then they would just see merchant, including nominated directors and schemes. There will not necessarily be a regular content.” shareholders,” says Chmiel. This is designed chargeback or TC40 to flag such transactions, Cyberlockers and file sharing websites are to satisfy KYC checks at boarding. as the cardholder has what they wanted and also a way to distribute child abuse material, Ongoing monitoring is the key to spot any paid for. This turns decades of thinking about which are advertised on separate forums. “To changes with the merchant, their website acquirer risk on its head. access these videos, offenders just have to sign or ecosystem. Unscrupulous merchants may Online child abuse material is the canary in up for paid access to the cyberlocker. To do this pre-emptively set up multiple accounts, which the coal mine for e-commerce acceptance risk. they use the services of legitimate payment are ready to use if an acquirer or PSP detects The situation has moved beyond letter-of-the- networks. Each sign-up and subsequent a problem with an active account. Investigate law compliance. Stakeholders will be expected download of videos earns the uploader a why dormant accounts were set up if merchants to demonstrate their compliance and evidence payout,” explains Smith. are not trading through them. If any long- what they did and why. dormant accounts suddenly show activity, this No acquirer or scheme wants to be MIS-USE OF PAYMENT PLATFORMS should raise a red flag. Similarly, if a merchant processing transactions for child abuse presents a website that has only a few visitors, material, but has everyone been doing their “Any type of payment method can be exploited yet has a €50,000-€100,000 processing history utmost to manage their acceptance risks by criminals that distribute online child sexual per month, this should prompt a follow-up and keep this trade away? Organisations abuse imagery. This is where the payments cannot wholly outsource responsibility for industry is at risk,” says Smith. Criminals mainly THE INTERNET CHANGED EVERYTHING their operations, profits and reputation to third used to accept credit cards for the payment of parties. It’s time to step up, manage risks and child abuse material, but are now starting to Physical world credit and operational risks show leadership in combatting the trade of accept alternative methods, including money persist online in addition to new e-commerce child abuse material online.

28 payments cards & mobile | January / February 2017 www.paymentscm.com IN ASSOCIATION WITH OPEN API- DRIVEN DIGITAL BLOCKCHAIN GOLD PILOT COMPLETE INNOVATIONS Euroclear announced the successful "The pilot has been very useful in helping AND MERCHANT completion of its first pilot for Euroclear us further refine the Blockchain platform," Blockchain, the gold bullion-based Blockchain explains Seth Phillips, Blockchain product PAYMENTS solution, with FinTech company Paxos. director, Paxos. "The level of engagement from Euroclear Blockchain is a new Blockchain market participants was extensive and they Mobile, online and social media channels settlement service for London bullion due to were excited by settlements enabled on a real have revolutionised consumers’ shopping go live in 2017. According to the official release, Blockchain for the first time, and to see how behaviour, and sparked demand for new payment solutions that support over 600 OTC test bullion trades were settled on quickly their feedback could be incorporated into multichannel commerce, Big Data, loyalty the Euroclear Blockchain platform during the the platform." and targeted advertising. two-week pilot. The pilot combines Euroclear's presence A new breed of global merchants, such The pilot saw the involvement of a number as an international securities depository and as Uber, Netflix and Airbnb, have built the of leading market participants in the London settlement provider with Paxos' technical success of their products and services bullion market, including Scotiabank, Société platform to bring instant settlement and on openness. They also expect an open Générale, Citi, MKS PAMP Group and INTL delivery to the London bullion market. technical set-up from their solution FCStone. All are part of the Euroclear The settlement of unallocated gold is a very providers. This puts pressure on payment Blockchain market advisory group that now capital-intensive process. Euroclear Blockchain providers to keep up with the open includes 17 participants working with Euroclear will significantly minimise risk, leading to a API economy. and Paxos in the roll-out of the new service. reduced capital charge. Open API-driven digital innovations focus on building positive customer experiences, and represent an attractive revenue stream for the entire payments ecosystem. Fully SEPA INSTANT CREDIT TRANSFERS ARRIVE aware of the new opportunities, major card schemes Mastercard and Visa unbundled The European Payments Council published the during weekends and holidays. The convenience the full suite of their products and services SEPA instant credit transfer (SCT Inst) scheme of instant credit transfers, the immediate certainty in 2016 to give developers open access to rulebook at the end of November 2016, after a that the money has left one account and is available underlying payment capabilities. public consultation organised earlier in the year. for the beneficiary, will further increase the use Open API architecture brings new It seems inevitable that payments will become of electronic payment methods over cash and challenges for payment processors and faster. So, if payment service providers want to cheques. payment solution providers. Software remain at the forefront of the industry, they should The SCT Inst scheme will come into effect developers – regardless of whether they are on the merchant side or developing rapidly board the instant payments train, says in November 2017. PSPs that plan to offer payment solutions for payment providers Anthony Richter, chair of the EPC task SCT Inst transaction services to their – have high expectations when evaluating force on instant payments, and Jean- customers from that date or shortly a potential service. They expect initial Yves Jacquelin, chair of the EPC SCT thereafter, will be able to adhere to positive feedback in the first five minutes, Inst scheme rulebook development the scheme as of January 2017. the first success within 20 minutes, and a task force. The publication of complete sketch for a solution within 45 Around the world, instant, real- the SCT Inst rulebook does not minutes. If it does not deliver, the option will time, and faster payments are among mark the end of the EPC’s work on simply be discarded. the hottest topics in payments. Many instant payments. Throughout 2017, countries, including some in Europe, have already the task force will monitor adherence to the How are traditional card acquirers, successfully launched instant payment solutions. new scheme and track implementation issues banks, PSPs, ISOs and payment networks capitalising on this opportunity? However, currently these do not operate across to address. national borders. To ensure that the scheme continues to meet Merchant payments, open platforms and The EPC’s SCT Inst scheme, created future market needs, a change management API-driven digital innovations with FinTech in close collaboration with stakeholders cycle will be organised every two years companies are among the key topics to from across the payment chain, will enable as of 2018. be discussed at the MPE 2017, the top interoperable euro credit transfers in SEPA As the maximum amount of a SCT Inst European merchant payments, POS and for transactions of up to €15,000 initially to transaction is a key parameter, this will be reviewed card acquiring event in Berlin, February be available on the payee’s account within annually in addition to the change management 14-16. ten seconds. cycle from 2018. In addition, PSPs can mutually agree to increase The EPC feels that these measures will allow Request the agenda and register at the transfer limit and speed. Users will be able the scheme to remain flexible and to change www.merchantpaymentsecosystem.com to make these transactions anytime, including according to feedback from participants. www.paymentscm.com payments cards & mobile | January / February 2017 29 mobile payments

SIZING AND PROFILING THE IN-APP MOBILE PAYMENTS MARKET

First Annapolis recently estimated current Digital sectors lead the way for app choice for payment authentication and apps in-app mobile payments volume at €60 billion commerce today as much of the e-commerce will play a key role in enablement of payment and €125 billion in Europe and North America volumes in these sectors migrate into apps use cases. respectively. US consumers clearly set the which offer greater feature/functionality than While the growth of the in-app mobile trend for mobile usage, spending half their traditional internet-based environments. payments market is robust, there is still total time on digital media in mobile apps as of Growth in in-app payments will increasingly be significant room to improve transaction July 2016, according to comScore. European fuelled by emerging in-store use cases, such outcomes and the quality of payment services markets trail on the adoption curve by one- as quick service restaurants driving increased supporting app commerce. to-two years, while China is also one of the efficiency with app-based ordering. Fraud management solutions and services highest in the world. Retailers are still learning the ropes of are typically not tailored for the unique The mobile payments market can be app commerce, lagging other sectors in app requirements and advantages of the app logically split into three major segments. First, commerce penetration. This is expected to environment. The nature of app commerce using a mobile phone as the physical form change as apps can serve as a powerful fraud is unique (e.g. repeated installation and factor at the point of sale. Second, completing platform for self-checkout as well as wiping of the app in order to take advantage of a payment within a mobile web browser. And integrated loyalty. Walmart, for example, sign-up offers) as are the tools available (e.g. third, transacting within a mobile app. As of is adding complimentary grocery pickup in precise geo-location and more complex device 2016, the overwhelming majority of mobile several US markets, an order-in-advance fingerprinting algorithms). payments fall into the latter two categories, model ideally suited for the mobile app. The The customer experience is also often often combined under the classification evolution of integrated commerce, loyalty and not optimally designed to be frictionless, ‘mobile commerce’. In-app mobile payments payments is expected to eventually accelerate forcing too many steps or even a 3-D in particular are growing rapidly (50 percent+ growth of app commerce within the retail secure authentication on sign-up. The CAGR), writes Allan Reynolds, consultant, sector, as observed today at Starbucks. development of mobile wallets and apps First Annapolis. First Annapolis also expects regulation such as Apple Pay should help to streamline While increasing smartphone penetration to be a catalyst for the growth of in-app this experience. App commerce is simply will lead to more mobile payments across payments in Europe. PSD2 intends to increase not the same as e-commerce; rather it use cases, both consumers and merchants e-commerce security by requiring strong requires the optimisation of a unique set of are increasingly embracing app commerce customer authentication. Creating frictionless payments capabilities. and in-app payments. In-app payments use cases for two-factor authentication will be The acceleration of growth in app commerce are cannibalising other traditional types challenging; however biometric authentication will help to fuel the ongoing increase in of payments as app commerce use cases (‘something you are’) on a smartphone, mobile payments. Merchants and payment displace physical transacting at the point of which can also hold an encryption key service providers must invest in mastering sale, traditional mail order/telephone order (‘something you have’) is a compelling option. this new payments environment if they are to payments and e-commerce. Smartphones will become the platform of capitalise on this growth.

ESTIMATED 2016 SPLITS OF MOBILE PAYMENTS BY ESTIMATED SECTORS SPLITS FOR USE IN EUROPE AND NORTH AMERICA IN-APP PAYMENTS

2% 6% 2016 2020

21% 32%

NORTH EUROPE AMERICA

77%

61% Phone as form factor @ POS App commerce Grocery Food Service Other Retail e-commerce via mobile device Digital Goods & Services Ground Tran & Unatt Airlines Gaming & Gambling Financial Services Other Source: First Annapolis Consulting analysis and estimates.

30 payments cards & mobile | January / February 2017 www.paymentscm.com AN EVENT OF

Mobile has become fundamental to our everyday lives. It has inextricably changed how we communicate, interact, work and play as individuals. It is transforming entire industries, bringing new levels of productivity and eciency to enterprises.

Over three decades, mobile has evolved from an emerging communications technology to a phenomenon that is now at the foundation of everything we do. How can we describe the role of mobile in today’s world? Elemental.

Mobile is revolutionary, dynamic, ever adapting. It’s the force behind every emerging innovation, every forward-thinking enterprise. Join us in Barcelona for WWW.MOBILEWORLDCONGRESS.COM Mobile World Congress 2017, where the world comes www.paymentscm.comtogether to showcase, celebrate and advance mobile. payments cards & mobile | January / February 2017 31 contactless

US PAYMENTS FORUM LAUNCHES NEW MOBILE AND CONTACTLESS PAYMENTS EFFORT

The US Payments Forum has announced the the security of, and enhance opportunities for, mobile and contactless payments working payment transactions within the US. committee to explore the opportunities In addition to contactless and mobile and challenges for the variety mobile and payments and the ongoing migration to “With the US Payments Forum being contactless payments solutions being chip technology, the forum plans to address the only forum bringing together all the implemented in the US. The committee will tokenisation, card-not-present security payments industry stakeholders including also identify possible approaches and develop solutions and encryption. merchants, issuers and the mobile practical implementation guidance and “Just as we are doing with the US EMV chip community, the mobile and contactless best practices. migration, our goal as an organisation is to payments working committee is uniquely This new working committee comes as provide concrete, usable guidance to make positioned to develop implementation part of the US Payments Forum’s expanded new and emerging payment technologies a guidance and help the payments industry to priorities to address a variety of new and reality in the US,” said Randy Vanderhoof, be better equipped to implement contactless emerging payments technologies that protect director, US Payments Forum. payment technologies.”

MASTERCARD AND VISA SIGN DIGITAL WALLET TOKENISATION DEAL

Mastercard and Visa have committed to account numbers and expiration dates, with a “Each of us has our own objectives around accelerating the adoption of an open digital unique digital identifier (a token) that can be used our own wallet — but the general consensus wallet. The card networks announced their for payment without exposing a cardholder’s is that for mobile wallets to really thrive, they agreement to allow each network to request more sensitive account information. have to support multiple modes of use for the tokenised credentials from the other when “Both Mastercard and Visa are committed to consumer, which means they have to be open. consumers are transacting via digital wallets. wallets that are secure — but also open,” says The tough part is, open wallets aren’t really Tokenisation is a popular security technology James Anderson, group executive of platforms open unless there’s a mechanism to make that replaces cardholder information, such as and emerging payments, Mastercard. them interoperable.”

NON-CASH PAYMENTS ACROSS US AND UK TO SOAR BY 2026

The value of non-cash payments in the US today. In the UK, 68 percent of all transactions SHARE OF CONSUMERS US and UK will reach $46 trillion and £1.44 trillion will be non-cash transactions, up from 55 USING ALTERNATIVE UK respectively by 2026, new research from global percent today. With regard to the acceptance PAYMENTS law firm Paul Hastings shows. of alternative payment methods, 82 percent In the US, this is a 36 percent increase of businesses in the US will accept alternative pre-paid cards on 2016’s figure of $33 trillion. 221 million payment methods compared to 74 percent of contactless mobile payment users are their counterparts in the UK. mobile or app-based payments, not via a bank expected within a decade. Whereas in the The Future of Payments report also identified UK, this represents a 26 percent increase the biggest barriers to the growth of payment Other app-based or 'invisible' payment methods (e.g. One-Click Buy, Samsung Pay, etc) on 2016’s figure of £1.14 trillion. 19.1 billion technology. 48 percent of consumers in the US contactless transactions per year are expected and 53 percent in the UK said that a reduced Mobile Banking (i.e. bank/building society) within a decade. risk of fraud is the feature they would most like

The research, conducted in association with to see in alternative payment methods. This Contactless payments (e.g. contactless card or the Centre for Economics & Business Research scores more highly than accessibility, customer payment fob) (Cebr) and YouGov, examined current attitudes service or competitive rates of interest. of businesses and consumers towards “We have a fantastic array of new payment E-money account (e.g. Neteller or PayPal) alternative payments and their potential use of methods at our fingertips, whereas once the future payment methods. options were limited to cash, cheques, card Further 2026 forecasts include a projection and bank transfer," says Ben Regnard-Weinrabe, 0% 10% 20% 30% 40% 50% that 76 percent of all transactions in the US will partner in the global banking & payment Source: Paul Hastings Future Payments Report be non-cash transactions, up from 63 percent systems practice, Paul Hastings.

32 payments cards & mobile | January / February 2017 www.paymentscm.com Europe’s BIGGEST, BEST and FASTEST GROWING annual event for retail and hospitality

SEE THE FUTURE OF PAYMENTS

RBTE is where retailers come to find out the latest payments news from mobile payments to biometrics; data security to alternative payments RBTE IS YOUR EVENT!

FREE conference programme featuring leading international retailers | Dedicated Payments Theatre Innovation Trail & Awards | Over 350 exhibitors Extensive Networking ALL UNDER ONE ROOF AND FREE TO ATTEND

Speakers in the dedicated payments theatre, programme subject to change in partnership with Barclaycard, include: Dr Geraint Evans, Group Head of Commercial & Strategic Juan Andrade, Payments Manager, Secret Escapes Programmes, ODEON & UCI Cinemas Janine Albrecht-Webb, GM Digital & Technical Marketing Vincent McKevitt, Founder, Tossed Integration, Shell Sean Cornwell, Chief Digital Officer,Travelex Neil Horden, Head of IT, Jones Bootmaker & Brantano Footwear Martin Alden, Head of Commercial Development, Wyevale Adam Bialy, Head of Payment Technology / Senior Product Garden Centres Owner Digital & Technology, Sainsbury’s

CO-LOCATED 8-9 May 2017 WITH Olympia Grand, London www.paymentscm.com www.rbtexpo.com | +44 (0) 208payments 874 2728 cards & mobile | January / February 2017 33

RBTE 2017 PCM 210x280.indd 1 08/01/2017 19:18 e-commerce

EXPLOSIVE GROWTH IN LAT AM E-COMMERCE – MERCHANTS STRUGGLING WITH PROCESSING COMPLEXITIES

The fact that the main markets in Latin America lead this growth with a doubling of online sales country, their norms, regulations and various are experiencing an explosion in e-commerce and shoppers over the next five years. Overall payment methods.” growth is hardly news. However, as both internet e-commerce growth statistics for the region One of the key, and contributing factors in and smartphone take-up continues, consumers run at a CAGR of 17 percent from 2015 to 2019, this complexity is the number of local cards (i.e now have e-commerce opportunities that other to reach $85 billion. domestic brands) in the studied markets and the markets may have taken for granted over the Brazil will account for 42 percent of the different uses of payments on the internet. The last five years. region’s e-commerce, a CAGR of 12.5 percent use of domestically issued cards (even if they Latin American consumers are now using from 2015 to 2019. Mexico will account for are badged with Mastercard, Visa or others) is the technology at hand to search for and 12 percent, but will grow faster to become an obvious inhibitor to cross-border sales as the purchase goods and services more cheaply and 15.6 percent of the region by 2019. Argentina cards are simply declined. conveniently than they were able to in the past. represents the smallest portion of regional “Even within familiar markets the impact e-commerce at nine percent, but will grow of payment types and consumer behaviour SIZE OF THE PRIZE the fastest to 14.6 percent of the region on conversion optimisation is a hot topic.” by 2019. Hyett continues. “These challenges become According to Forrester, e-commerce in Brazil, exponentially more difficult across Latin Argentina and Mexico will grow from $20.8 SIZE OF THE PROBLEM America – where payment types, acquiring rules billion in 2015 to $30.9 billion in 2016. Mexico will and banking regulation ratchet up the difficulty The numbers are spectacular, so why aren’t of achieving success.”

B2C E-COMMERCE SALES IN LATIN the big brands rushing in to fill the void? The Aside from the obvious difficulties in simply AMERICA FROM 2013 TO 2018 reasons are two-fold: cross-border e-commerce getting paid for e-commerce sales, getting (IN BILLION US DOLLARS) is still in its infancy for both foreign as well as money out the countries can be a real 100

87.28 domestic brands. Secondly, the e-commerce challenge. Typically, businesses in Brazil will 83.3 market for merchants and payments providers pay a large sales tax (5-15 percent) as well as 80 78.15 71.1 is fragmented. The payments infrastructure re-appropriation taxes that are imposed on 62.56 difficult to navigate, but so are the national laws funds leaving the country (5-10 percent). Other 60 51.26 surrounding payments, which are noticeably countries have similar protectionist policies that

40 different in each of the major markets. make it very hard to sell within the country and “The Latin American market is extremely bring profits out. 20 complex and an unknown quantity for non- In short, there is a big opportunity for brands Revenue in billion U.S. dollars domestic merchants,” explains Brad Hyett, to take advantage of the growth in e-commerce 0 2013 2014 2015 2016* 2017* 2018* managing director of Europe, BlueSnap. “We in Latin America. However, they should be aware Source: Statista have seen many merchants run into trouble of the issues at hand and undertake smart when they don’t understand the nuances of each partnerships to expedite success.

FRICTIONLESS CHECK-OUT UNDER THREAT IN EUROPE

The recent European Banking Authority provider)”, i.e. the issuer in the case of card online. The proposed RTS is variously too (EBA) consultation paper on strong customer payments. With very few exceptions, issuers prescriptive in some areas, yet not clear authentication and secure communications are required to perform strong customer enough in others, particularly around scope under PSD2 generated 146 responses. A authentication on every transaction. and applicable scenarios. Terminology is broad cross-section of interested parties, Strong customer authentication is defined not always clear or consistent. The RTS including academic institutions, acquirers, as two or more of the following: knowledge, also requires approaches which are already payment industry vendors, retailer groups, possession and inherence. Risk-based outmoded or go against current convention or schemes and trade associations, provided authentication or input from acquirers, industry best practice. online responses. merchants et al, acting alone or together The EBA is expected to publish the next In the August draft RTS, the EBA set out would appear to be prohibited. draft of its RTS in late February/early March its vision for the authentication procedure to Broadly, respondents were concerned that 2017, whereupon the European parliament and “remain fully in the sphere of competence of the proposals may deter customers from council of ministers will have a three-month the ASPSP (account servicing payment service shopping or accessing financial services period to challenge the text.

34 payments cards & mobile | January / February 2017 www.paymentscm.com pos terminals

DISCOVER AND PAYPAL PARTNER ON DIGITAL PAYMENTS

Discover Financial Services (DFS) and PayPal expanding PayPal’s reach at POS, which will Cashback Bonus to pay for purchases at the have signed a tokenisation and digital enable US PayPal customers to pay with their millions of online and mobile merchants that payments agreement making PayPal more Discover cards at all of the contactless-enabled accept PayPal. widely available to Discover cardmembers, merchants that accept Discover. After enablement, Discover cardmembers acquirers and merchants. As part of the agreement, Discover and will be able to view and use their available The agreement provides PayPal with PayPal plan to enable PayPal customers Cashback Bonus while using PayPal to pay for access to Discover’s tokenisation services, with eligible Discover cards to use their all or part of a purchase.

WORLDLINE AND HEASE ROBOTICS SIGN PAYMENTS PARTNERSHIP

Worldline has entered into a mutually detection, mood detection, voice detection, beneficial co-development relationship with next-generation authentication and security Hease Robotics, a French B2B service robot solutions, connected device management, plus manufacturer, which delivers robots to the new user experiences as a result. retail and hospitality industries. Worldline will leverage its retail industry The partnership helps to extend service on experience around ordering and payment customer-facing robots in public places, such solutions. This includes interactive kiosks as malls, shops, entertainment, event and in hotel lobbies, transit stations and other transportation locations. public places. Additionally, intelligent, Worldline will bring various technologies and connected cars which can manage fuel and industrial end-to-end services to Heasy, the insurance for users. Furthermore, connected first robot designed for the retail industry by piggybanks which transform an offline, analog Hease Robotics. These technologies include piggybank into a fully NFC-enabled account all current and future payment methods, people managing device.

The Cards & Payments Summit

Championing cutting-edge innovation: clamping down on fraud

27th & 28th March 2017 Radisson Blu Portman, London

Early registration rates available: www.marketforce.eu.com/payments www.paymentscm.com payments cards & mobile | January / February 2017 35 10TH ANNIVERSARY February 14-16, 2017 Berlin

1000+ attendees at TOP European conference & exhibition CARD ACQUIRING, CX, POS, REGULATION, SECURITY, ONLINE & MOBILE PAYMENTS

300+ MPE C-Level Club executives

150+ amazing speakers Ingenico ePayments, Payvision, Verifone, Worldline, Equens, PPRO Group, Wirecard, Worldpay, Sagepay, Concardis, Holland FinTech, Spire Payments, SumUp, iZettle, Wargaming.net, Samsung Pay, UBER, Carrefour, AliPay ... and many more

Yandex.Money 70+ SPONSORS & EXHIBITORS iDEAL SEPA Express MyBank Mastercard

MPE Awards & Gala Dinner

MPE Awards acknowledge 13 leading vendors, influential leaders & rising stars

www.merchantpaymentsecosystem.com +421 233 329 999 [email protected] 36 payments cards & mobile | January / February 2017 www.paymentscm.com products & contracts

AMEX ACQUIRES AUTHENTICATION VENDOR INAUTH

American Express announced in early evaluate the the potential risk of a digital rapidly evolving world of digital commerce,” December 2016 that it had acquired the risk transaction, for example e-commerce said Lisa Stanton, CEO of InAuth, who will management and authentication vendor InAuth purchases or customer logins on a mobile app continue as president. for an undisclosed sum. or web browser. Founded in 2011, InAuth will operate as a InAuth provides mobile device authentication “As part of American Express, we will be wholly-owned subsidiary of American Express. and intelligence solutions to a range of banks, able to build on the strong partnership we The acquisition follows an investment in financial institutions, payment networks already have in place to gain scale, accelerate InAuth made earlier in 2016 by American and merchants. our expansion and, over time, work together Express Ventures, the strategic arm of Its platform uses device authentication to to develop new capabilities that address the American Express.

VISA BUYS CARDINAL COMMERCE

In attempt to accelerate its digital commerce the next 18 months, so the acquisition will help said Mark Nelson, senior vice president, risk ambitions, Visa has agreed the acquisition integrate 3-D Secure and new fraud mitigation and authentication products, Visa. of card-not-present authentication firm capabilities to merchants. “We are excited to embark on this next CardinalCommerce. “This strategic acquisition combines Visa’s chapter of Cardinal’s growth with Visa,” said Visa already provides Cardinal’s services industry expertise and Cardinal’s critical role Mike Keresman, founder and CEO, Cardinal. to acquirers and merchants through its in payment authentication to bring added Financial terms of the transaction were CyberSource merchant and acquirer security to online transactions, reduce fraud not disclosed. The transaction is expected to enablement platform. Visa plans to integrate and support digital commerce, which is the close in Visa’s second fiscal quarter 2017 and tokenisation into its Visa Checkout service over fastest growing commerce segment today,” is subject to customary closing conditions.

CMA SLOWS MASTERCARD ACQUISITION OF VOCALINK

The Competition and Markets Authority (CMA) A number of industry participants have raised the CMA noted that it has no concerns related has found that Mastercard’s acquisition of concerns with the transaction and the CMA to providing payment infrastructure services VocaLink gives rise to competition concerns. investigated a number of theories of harm, to BACS or the Faster Payments Service. Mastercard already owns and operates including loss of competition in payment We are pleased to have the opportunity to credit and debit card schemes Mastercard, infrastructure services to Bacs, FPS and LINK address their one concern, regarding the LINK Maestro and Cirrus, and has also bid to ATM scheme. ATM scheme, in the timeframe provided. This supply infrastructure services to UK interbank In relation to LINK ATM, the CMA found acquisition promises to bring greater choice payment systems. that VocaLink and Mastercard are two of the and innovation to the payment ecosystem, VocaLink is a supplier of payment three most credible providers of infrastructure enabling people, governments and businesses infrastructure services to three major UK services to the LINK ATM network operating to pay the way they want to pay.” interbank payment systems: Bacs, the across the UK. As such, the merger would The companies could avoid the merger automated clearing system allowing credit reduce the number of bidders and limit the being referred for an in-depth investigation and debit payments between bank accounts; ability of the LINK scheme to obtain good if they offered a remedy to address the the Faster Payments Service (FPS), which value when tendering for an infrastructure competition concerns identified. They had enables near ‘real-time’ payments between provider. until 11 January 2017 to do so. bank accounts within the UK; and the The CMA has not found concerns in the LINK ATM network. provision of payment infrastructure services The CMA assessed the merger in to Bacs or FPS since there are many credible the context of an ongoing review by the alternatives to VocaLink and Mastercard. Payment Systems Regulator (PSR) into “We welcome today’s decision by the the ownership and competitiveness of Competition and Markets Authority (CMA), infrastructure that supports the three regarding our planned acquisition of major UK payment systems. The PSR VocaLink,” read a Mastercard statement. has made a series of recommendations “The thoroughness of the CMA’s review intended to improve competition in reflects the significance of this deal and its payment systems. potential for the industry. In its announcement, www.paymentscm.com payments cards & mobile | January / February 2017 37 conferences

Trustech 2016 and Merchant Payments Ecosystem 2017

There was a great deal of negative speculation about the survival of Cartes when they decided to change both the name to Trustech and venue to Cannes for the 2016 event. Trustech 2016 proved to be a great success. Cannes was very popular with delegates, particularly with so many hotels within walking distance of the Palais des Festivals, removing all the awful travel difficulties previously experienced at Villepinte. This was assisted by Trustech providing coaches for delegates at Nice airport taking them to the Palais and returning them to the airport at the end of the event. On the plus side, there were a great number of exhibitors covering all aspects of payments. Free Wi-Fi was available for the majority of visitors and there were free charging stations on all levels. Food and drink was also easier to access, except for the inevitable queues at lunchtime. The Trustech team produced a good event which has every chance to grow in its new home. The next important event on the PCM calendar is Merchants Payments Ecosystem in Berlin 14-16 February. This is a great opportunity to hear the latest thoughts in the industry and to network over coffee, lunch and during the evenings. There will be three channels of presentations on the Payments Ecosystem, Checkout & Conversion and mPOS Wise. The coveted MPE Awards dinner will take place on 15 February where there will be a packed hall all waiting to see the 2017 winners in 12 categories. Conference Diary

The Cards & Payments Awards 2017 PayExpo Americas 2017 Seamless Africa 2017 2 February, London 7-8 March, Mexico 14-15 March, Cape Town cardandpaymentsawards.com clarionevents.com/region/south-america terrapinn.com/exhibition/seamless-africa/index.stm

MPE 2017 European Payment Summit 2017 The Cards & Payments Summit 14-16 February, Berlin 8-9 March, The Hague 27-28 March, London merchantpaymentsecosystem.com europeanpaymentsummit.com marketforce.eu/events/financial-services/cards- payments-summit Mobile World Congress The Future of Retail Banking: Europe 27 February-2 March, Barcelona 13-15 March, Amsterdam mobileworldcongress.com marketforce.eu/events/banking/retail-banking-europe

Advertisers

IFC FIS IBC Datacard OBC OpenWay P7 Subs P9 RS2 P13 FIME P15 RS2 P 19-22 Openway P27 Yearbook P31 Mobile World Congress P33 RBTE P35 Cards & Payments Summit P36 MPE

38 payments cards & mobile | January / February 2017 www.paymentscm.com I LOST MY DEBIT CARD.

I was rushing to get to work, and I must have left it at the coffee shop. Thankfully no one used the card, but I was expecting the hassle of waiting two weeks for a new one. Instead, my local branch instantly issued me a new debit card right then and there.

What a remarkable experience.

Entrust Datacard offers a complete portfolio of instant card issuance hardware and software solutions to help you create these remarkable customer experiences. See how instant card issuance can enhance customer loyalty and drive new revenue.

Visit www.datacard.com/pcm to download the free white paper.

Entrust Datacard and the hexagon design are registered trademarks and/or service marks of Entrust Datacard Corporation in the United States and/or other countries. ©2015 Entrust Datacard Corporation. All rights reserved. www.paymentscm.com payments cards & mobile | January / February 2017 39 40 payments cards & mobile | January / February 2017 www.paymentscm.com