Payments 2017 – One Month In
Business evolution—whether it’s automotive, bioscience, or in the payments industry—proceeds along a predictable path of incremental improvements and optimization. Until it doesn’t and a step function takes effect.
Last year was sleepy compared to what we can expect during the next eleven months. 2016 was characterized by the more familiar path, through themes set in motion in prior years. EMV. Bitcoin and blockchain. The “pays” from Apple, Google, Samsung, and leading merchants. In 2016, these elements grew and evolved along predictable lines. Yes, they’ve made an impact but none represent anything resembling a tectonic shift.
Now that 2017 is underway, it’s clearer that prospects for 2017 include increasing tectonic activity that will be rough or smooth depending upon which side of the tectonic plate you are standing on.
Let’s examine the shifts we know about. If you’re all about politics, skip to the end.
Immediate Funds Transfer, Finally
2017 will see the addition of several sets of payment rails to the US. It’s been decades since new bank-based payment systems have been introduced so this is significant. The Clearing House will turn up its Real Time Payments (RTP) system for account-to-account push payments. Zelle, the consumer-facing brand of Early Warning’s P2P payment system, will begin its marketing effort to convert the word Zelle into a verb. And while not new rails, even NACHA’s Same Day ACH service will be in the mix, competing for business.
This is a global phenomenon with over 20 countries at various stages of deployment, from planning to full production. In the EU, SEPA (Single European Payment Area) rule makers have released the specification for SEPA Inst, an immediate funds transfer, push payment system scheduled for a 2018 deployment. With the global axis tilting toward this credit push model, these new payment rails will pull share from their predecessors.
In the U.S., system economics will get clearer in 2017 as these schemes compete for volume across P2P, bill pay, income payments, and other use cases. We will continue to track these changes closely because new payment systems are so rare and potentially so disruptive.
One area we will be watching is the security of these immediate funds transfer systems compared to pull-based systems. The UK’s Faster Payments scheme experienced higher fraud rates than expected until bank authentication was strengthened. No surprise there; new payment systems of any kind are catnip for hackers and what could be more appealing than a new system that pushes money in near real-time?
Bad as it was in 2016 (remember the SWIFT breaches?), the crisis that is internet security will worsen in 2017. While defensive barriers and intrusion detection improve, the attackers enjoy the broad availability of personally identifiable information (PII), an ever-expanding set of attack surfaces, and the realities of human nature that make phishing so effective and security maintenance so difficult. Because of the broad availability of personally identifiable information, the hackers can have more current information than the accountholder. Account takeover will get more severe.
Effective payment defenses are being erected but there’s no hockey stick increase in their usage for this year. Issuer tokenization of payment card data is hugely effective but its use will remain well below 15% of CNP transactions. It is going to be 18 months before we start to see 3D Secure 2.0 (3DS2)—the more risk-based approach to merchant and issuer payment authorization messaging—move into broad production. That means issuers and merchants must continue to rely on defenses built internally or by others to manage fraud.
The Internet of Things (IoT) will expand even faster in 2017 but its security will continue to be deplorable. Manufacturers are focused on low cost and functionality. Buyers pay for the same attributes and are not paying for security features like secure elements or even basic crypto processing. That leaves whole fleets of IoT devices susceptible to botnet recruitment. Many IoT devices can barely be upgraded with new software to improve security, all while many are or will be payments-capable. This may only be solved by regulation unless all IoT players up their security game.
How Far do the “Pays” Go?
While their creators expanded the geographic coverage of these services, Apple Pay, Android Pay and Samsung Pay saw modest growth in 2016, still accounting for low single digit volumes at the point of sale. 2017 should see that steady, modest growth continue (changes Glenbrook is tracking closely). Two things must happen. First, consumers have to understand that these mobile payments methods are more secure rather than less. But no one really looks forward to educating consumers on new, improved security methods because it raises questions in everyone’s mind about the current system. Second, these “platform” Pays have to benefit consumers with loyalty points, rewards, and couponing. And that’s tough.
At Glenbrook, we believe the “pays” coming from large merchants that are able to combine both payment convenience and incentives in one package have more magic to offer. If you can get your discount, loyalty points, an improved buying and checkout experience from an app provided by a favorite merchant, you’re going to use it. Starbucks is proof. 2017 will be the year we see how successful other merchants—particularly retailers like Target who don’t sell hot, somewhat addictive products—fare with their in-store apps.
Blockchains Move into the Real World, Slowly
If 2016 was the year of the pivot from bitcoin to blockchain, 2017 will be the year when a handful of blockchain-based applications prove themselves, or not, in limited production. Use cases requiring the fewest participants and simpler data sharing requirements may well succeed from a technical point of view. Exposure of these use cases to the stubborn facts of economics (is a blockchain cheaper than a traditional database?) and rule making (can all participants benefit from the same set of rules?) will be the next hurdle for blockchain implementations.
Ripple is an example. While its technology is in place, the company has recognized the need to develop common rules for its participants. It has formed the Global Payments Steering Group with an interbank group composed of Bank of America Merrill Lynch, Santander, UniCredit, Standard Chartered, Westpac Banking Corporation, Royal Bank of Canada and CIBC to steer that rule making process for cross-border transactions. Once up and running under those rules, this will be a visible test case for blockchain payments.
Payments by Ear, and Voice
My partner Russ Jones has been calling this one for years. We expect the use of audio interfaces to blossom in 2017. The Amazon Echo, Cortana, Siri, and Android are teaching us to speak to our devices and now they’re getting better at both listening and doing useful work. Amazon’s Alexa has a “skill” to let Capital One accountholders make inquiries and payments. Before long, a Starbucks order-ahead skill will be added to Alexa. We’ll be watching for many more audio implementations this year.
AI and Machine Learning Everywhere
While these technologies have a certain “shiny new toy” glamor about them, there’s little doubt that 2017 will see an acceleration of machine learning and artificial intelligence applied to payments and commerce. We’ve already seen machine learning systems optimized for transaction risk management from firms like Feedzai and Sift Science. But even at the level of consumer interactions, AI-based bots are lowering the cost of customer service as well as guiding consumers through commerce flows. Last year’s bots were not all successful. And don’t expect your next bot encounter to pass the Turing test; it won’t “exhibit intelligent behavior equivalent to, or indistinguishable from, that of a human.” But it just might speed you through buying a new pair of shoes, including asking for the payment method of your choice.
Watching the international payments landscape finds nations and regions making profound decisions around money. India’s demonetization program and the EU’s PSD2 (Revised Payment Service Directive) are two.
The EU is retiring the 500 euro note out of concern for its potential role in illicit activities. This past November, India made 90% of its notes in circulation invalid to make money laundering, counterfeiting, and corruption more difficult.
Both regions are innovating beyond cash. India is linking via APIs its payment system building blocks – mobile, the Aadhaar identity management system, and financial institutions. Europe’s PSD2 directive is opening third party access to both bank account information and payment initiation services.
Could moves like this take place in the U.S.? Could the private sector do something along these lines with RTP and Zelle? While there’s zero likelihood of a national effort backed by rulemaking, competition is already making some U.S. financial institutions to open and promote their API marketplaces. CBW in the wholesale banking area and BBVA with its API_Market are two examples.
Politics, Payments, Uncertainty, and Change
The foregoing shifts will take place against the background of global political and governmental changes. Here in the U.S. the big elephant in today’s payments room is Uncertainty. Tomorrow’s elephant will likely be named Change. The fast pace at which the new U.S. administration and Congress are executing, and evolving, their agenda suggests there are substantial shifts ahead.
Here are some of the key questions we’ll be asking during the rest of 2017:
- What will happen to the Dodd-Frank legislation? With the broad Dodd-Frank bill up for revision, what will be the impact on the Durbin amendment’s debit interchange rate cap? Who will benefit from those changes: large or smaller financial institutions? How will the merchant community react to a presumed return of higher debit interchange costs and other fees? In 2016, regulations were introduced to revise or up-end Dodd-Frank. Given the power shift in Washington, DC, a favorable reception to those bills is now more likely than not.
- Will the Consumer Finance Protection Bureau (CFPB) continue to exist in its current form? Will the CFPB’s governance model be changed, perhaps to a commission structure, or will the bureau be altered entirely? Born via Dodd-Frank, the CFPB, despite its increasing maturity, may have a very different future.
- Similar questions abound elsewhere in the world. Looking at the UK and the EU, what will be the impact on payments, banking and privacy regulations of the long Brexit process, EU PSD2 regulations, Privacy Shield, etc.
After one month, we can already say that the rest of 2017 is going to shake up the payments industry more than last year. Hang on tight. Embrace the change.
The Glenbrook team is constantly evaluating the strategic impact of these and other trends. We look forward to engaging with you through our strategy consulting, our boot camp programs, our market scan services, and through your feedback here. Or just through a conversation. We welcome your thoughts!