page image

CHAPTER III - The Environment for Innovation in Payment Systems

The Environment for Innovation in Payment Systems

To get a richer sense of what is needed to foster innovation in payment systems, Eric Dunn, Senior Vice President for Payments & Commerce Network Solutions for Intuit Corporation, gave a brief talk about how the environment for innovation in payment systems has changed over the past fifty years—and what challenges must be met in the years ahead.

Dunn started by noting that the environment for innovation in payments is much more hospitable today than it was in the 1950s, when the Diners Club and American Express cards were first introduced. Computing is far more powerful, pervasive and networked today, and so is the connectivity of data systems. Consumers no longer have simple relationships to one or two banks and financial companies; they are likely to have ten or twenty separate financial relationships via credit cards, bank accounts, investment vehicles and so forth. “This is a significant difference in the environment today, and it is an important lever for innovators,” said Dunn. “Consumers are prepared to have multiple financial relationships and to take on new payment tools.”

Innovation in payment systems is more sophisticated today, too, because there is a deeper understanding of “network effects platforms,” said Dunn. “Investors understand that while it can cost a lot to get through the ‘chicken and egg’ phase of development, if they can emerge on the other side, as perhaps Visa has done, they can be in a strong position to capitalize on network effects dynamics.” Despite the more receptive environment for innovation, Dunn said that the “core plumbing” of most of today’s payment systems is static; it was invented forty to fifty years old and is not undergoing much change.

Dunn shared a chart showing the dollar volume of transactions for each of the major payment systems:

Transaction volume in U.S.(in trillions of dollars)

Number of transactions(in billions)

Average transaction amount

Cost

(as percent of transaction amount)

Cash

$1.5T

75B

$10

--

Checking

$48T

25B

$2,000

.05

ACH network

(bank-to-bank)

$35T

17B

$2,000

.05-.10

Card networks

(credit/debit)

$5T

100B

$50

.200

Figure 1:Dollar volume of transactions for each of the major payment systems.

There once was a broad migration from cash to checking, from both of them to credit cards, and then a lesser migration from checking to ACH payments. But these four systems are the dominant payment systems in the U.S. today.

“Moving to alternatives is pretty difficult,” said Dunn, notwithstanding the appeal of alternatives. He cited an Iowa-based startup called Dwolla that is trying to reinvent payments based on first principles. It does “direct-connect deals with banks to move money reliably from one bank to another in real time, with free transactions up to $10, and 25 cents for transactions beyond that. They’ve made some progress, but they have a very tough row to hoe,” he said.

People tend to love credit cards, but sellers object to their cost—200 basis points per transaction. Some entrepreneurs are trying to leverage the check system by letting people email checks to each other and allowing the scanning of them for payment (e.g., Chase QuickDeposit), but Dunn regards these types of innovations as “kind of a hack. I’m not sure there’s a lot of potential there.” Similarly, mobile platforms have devised some innovative ways to make payments, but Dunn considers mobile payments “more a delivery mechanism than a fundamental platform for money movement” because the mobile platforms simply function as “proxies for cards.”

Wire payments amount to only 200 million transactions—a very small volume in the grand scheme of things—but they represent hundreds of trillions of value because brokerage houses use wire payments to settle their accounts. “Wire is not really a tool for innovators in alternative payments,” said Dunn, “because while the variable costs of wires at volume are as low as $.50, banks treat wires as a premium offering and attach high fees ($15 and up) to both origination and receipt.”

There have been some notable innovations in core payment systems outside of the U.S. Europe has a sophisticated, efficient and low-cost credit transfer system for outbound, bank-to-bank payments, said Dunn, which has eclipsed the need for a check system. The United Kingdom decreed five years ago that its banks must supplement its ACH payments with something called Faster Pay, which is a real-time transfer of funds from any bank account to any other bank account.

In general, electronic payments in the U.S. tend to revolve around cards. But some people question the wisdom of this structure, said Dunn, pointing to the inefficiencies of pushing $8 trillion of transaction volume through a system that charges 200 basis points, or about $160 billion in interchange costs.

Dunn argued that “a lot of transaction volume would benefit from a real-time infrastructure for payments. That doesn’t mean we don’t love the card—I love the card, and it is a $500 million business—but should we have to choose between the badness of batch payments or the high cost of the card? Or alternatively, between the goodness of real-time payments or the goodness of low-cost payments, instead of something that could combine them? This seems like an important policy objective for regulators like the Federal Reserve.”

Dunn noted that the Federal Reserve has played this role historically—first, in 1915, by stepping up to handle processing costs so that checks could be cleared “at par” (without a fee taken out of the transaction amount); and second, in the 1970s, by co-creating with U.S. banks the Automated Clearinghouse (ACH). More recently, the Fed has tried to reduce banks’ settlement times from two days to one day, but large banks have rejected such plans.

Several conference participants objected that the comparative data on the four payment systems is misleading because they represent “apples and oranges and kiwi fruit” in one chart. Vijay Sondhi, Head of Corporate Strategy for Visa, noted that debit cards are much cheaper to use than before—around 20 basis points—because the money is immediately withdrawn from a person’s bank account. And credit cards are “a totally different beast” from the other forms of payment, he said, because they have so many other value-added benefits folded into them: a consumer’s greater willingness to buy with a card (compared to cash), the trust in the system (because of safeguards against fraud, complaints against a seller, lost-card protection, etc.), and other benefits.

Sondhi also pointed out that there has been innovation relating to card payments, such as card networks opening themselves to innovative apps through open APIs, which “has allowed for massive innovation.” Sondhi argued that “the core network works, and everyone’s quite happy with it.” He conceded that “some larger merchants complain about the discount rate, but most of them are pretty happy to have those customers show up and make large purchases.”

An often-overlooked fact is that there are considerable “hidden costs associated with using cash,” said Paul Moreton, of Capital One. These include the cost of handling and moving cash, hiring a Brinks truck to off-load cash from a store, the inconveniences of customers carrying around cash. Michael Chui of the McKinsey Global Institute cited statistics showing that if cash payments could be “electronified,” there could be a 0.5 percent to 0.8 percent lift in GDP in Europe.

While there has been innovation “around the edges” of the core payment systems, Jack Stephenson of JPMorgan Chase pointed out that there have been only two payment networks over the past thirty years that have attracted more than 20 million active customers—the Discover card and PayPal. It will be interesting to see if MCX, the new payment alternative being developed by a consortium of merchants (mentioned earlier), will succeed.

Historically, mobile payment platforms have not proven competitive on cost grounds. Paul Moreton noted that mobile payment networks using prepaid cards, such as one run by Nokia, are “incredibly expensive”—on the order of 50,000 basis points instead of the 200 basis points of cards. Such models are not likely to expand to physical commerce for, say, buying a pair of socks or the like. Similarly, the fees charged for premium SMS [short message service, or text messaging] are “rapacious and wrong,” said Peter Vessenes of Bitcoin Foundation.

The Challenge of Innovating Within Legacy Systems

The emergence of networked innovation poses particular challenges for large enterprises with legacy systems, said Vijay Sondhi, Head of Corporate Strategy for Visa. “When you step through the turnstile at many corporate offices, you enter a kind of Get Smart world [a television spy spoof from 1965-1969]. It’s as if you go back forty years. You are limited in the use of social networking. Evernote is blocked. Dropbox is dropped. Google Docs is blocked. It’s all blocked. The system was architected for security, reliability and trust, but it wasn’t designed for usability and the new expectations of free…. The legal departments often think social networking is dangerous,” said Sondhi. One wag at his office advised people to BYOD—“Bring Your Own Device.”

Legacy systems can amount to “a horrible little island surrounded by this wonderful infrastructure around your Android or iPhone,” said Sondhi. “But you’re locked in. Then you go downstairs to Starbucks for lunch, and suddenly you’re paying with your phone. At some point we are going to need to bring these [networking capacities] into the places where we work.”

John Clippinger, Co-Founder and Executive Director of a nonprofit tech startup, ID3—the Institute for Data-Driven Design—predicted that “there is a new kind of architecture that is coming out that is more distributed. And so innovations in consumer-to-consumer (C2C) and business-to-consumer (B2C) commerce are actually going to find their way into enterprise computing. That’s where the major disruption is going to be.”

Clippinger noted that a central challenge in devising such an architecture is to provide digital identities, security and online authentication in more dynamic, flexible ways. “If you can control your data, and share your data and expertise in appropriate ways, then you can then aggregate demand to do co-production in far more efficient, social ways. You can create a whole new kind of infrastructure that will dramatically disrupt the enterprise models that currently exist. And if you make access to these infrastructures virtually free, which is what people expect, you will be able to build to scale very quickly. I think this is going to happen faster than a lot of people realize.”

Shane Green, Co-Founder and Chief Executive Officer of Personal, a mobile and web data vault and private network for managing personal data, agreed that “the biggest legacy issue holding a lot of companies back is enterprise information technology—the idea that you have to manage all of that data yourself.” Picking up on the joke about BYOD, Green said, “Bring Your Own Data. I think it’s inevitable that people will show up with a complete set of their own data and a personal cloud, which they can then plug into any trusted third-party system, including of a new employer.”

The point is that individuals are going to become “the centerpoint and integrator of data,” said Green. He cited Fitbit—digital devices that gather individual health and fitness data—as part of a larger trend, the Quantified Self movement. “Personal analytics is a huge, fundamental part of the ‘personal cloud,’ and there are brands and companies that want to collaborate with those individuals.” Green disdains such terms as “data exhaust” and “data crumbs” because he said they trivialize the significance of data to the people who generate them. If it’s your data, it’s valuable and important. Green, like most working on user-centric data approaches, prefers to call this distinct segment of the data universe “small data.”

Innovation in Emerging Countries

In thinking about innovation from the edges, emerging countries are serving as important incubators for experimentation, if only because they are often “greenfields” with few legacy business models or regulatory systems. Or, they may exhibit historical or cultural factors that simply are not present in industrialized countries of the global North.

In recent years, a great deal of attention has focused on Kenya and the success of the M-Pesa, a mobile money introduced there in 2007 that now has 23 million users. Transaction volume of the M-Pesa is now estimated at 25 percent of that country’s GDP. It has been pointed out that the M-Pesa took root in some unusual circumstances. It was a time of great civil strife in Kenya; banks were the targets of civil unrest and people needed safe, reliable ways to store and transfer money. The dominance of Kenya’s mobile telephony by a single carrier and its massive network of 80,000 agents across the country also helped diffuse the M-Pesa rapidly.

“I sent M-Pesa money once,” said Leila Janah, Founder and Chief Executive Officer of Samasource, a nonprofit that acts as a broker for microwork in the developing world. “It was really a liberating feeling. I sent $300 and it cost a few cents to make the transaction happen.” But Janah said that that transaction was intra-Kenya; cross-border transactions remain extremely expensive.

This is an area that deserves much greater innovation, said Janah, because of the huge costs of transmitting money, which is especially onerous for poorer people. “Remittances generated about $500 million worldwide last year,” she said. “The average fee is 12 percent. The World Bank just issued a call to action to try to bring that down to 5 percent, which is still exorbitant.”

Overall, the volume of mobile money transactions is surprisingly large, according to the trade association for mobile operators, Groupe Speciale Mobile Association (GSMA). “In 2012, more than 30 million people undertook over 200 million mobile phone transactions, totaling nearly $5 billion,” said Panthea Lee, Co-Founder and Principal of Reboot, a social enterprise that works on issues of governance and global development.

Although GSMA is tracking some 200 deployments of mobile payment systems, only a dozen or so of these systems are reaching more than one million customers. Many innovators want to emulate Kenya’s remarkable success with the M-Pesa, but there are many complicated factors in making these systems work in other circumstances, said Lee. In general, she sees “a lot of potential for mobile money,” but believes that that will require mobile providers, banks, partnerships and regulators to coordinate more closely.

There is one distinct advantage to launching innovative payment systems in developing countries: no one “owns the customer” and thus no legacy systems to displace. As Vijay Sondhi of Visa pointed out, there are fewer power bases. People do not have bank accounts or FICO [credit] scores. But everyone has feature phones. Because there is no “terror of legacy [systems],” the place to innovate is in poorer countries, not in the U.S., he said. And in fact, two-thirds of Visa’s growth today occurs outside of the U.S., he said.

The U.S. cultural outlook and tech industry mindset may blind American innovators to different ways of imagining payment systems. For example, in Russia there is a company called Qiwi that operates “reverse ATMs,” in which you stuff your cash into a kiosk machine and pay your bills—and then receive a prepaid Visa card that you can spend. The system is welcome in a society in which many people are paid with wads of cash. In China, there is a system of “payout delivery,” in which customers can try on new clothes that they have ordered, which a delivery person has brought to them. “The delivery person waits while you try on your clothes, and if they don’t fit, you just give them back,” said Sondhi.

Social trust and personal respect can affect how people use remittance systems, noted Panthea Lee of Reboot. A remittance system launched in Afghanistan to receive remittances from the global diaspora of Afghan people failed because no one trusted it. For reasons of social familiarity and comfort, many people persist in using check-cashing shops to send or receive money even though it is more expensive than banks. Poorer people who need to send and receive remittances do not feel socially at ease in starchy banks; check-cashing shops are more casual, welcoming community-based social centers.

The Need for Better Authentication for Internet Transactions

One of the most vexing problems in innovating “on top of” the existing “rails” of network payment systems, is the problem of authentication. The past several years have seen many significant data breaches in which “full dumps” of password data were posted on the Internet, leading to the victimization of many people.

The proliferation of usernames and passwords has made people exasperated by the number of usernames and passwords they must use, which in turn can make them careless. This problem is made worse by the inability of people (such as spouses) to share unique, complex passwords for every site and app in their lives in an easy, seamless way. There are some “drop-dead simple solutions” available today that will create your passwords for you and log you in automatically, said Shane Green of Personal, but people are not being incentivized or pushed to use these solutions, or penalized for not using them. For example, banks and credit cards could threaten not to reimburse customers for losses if they were caused by an intruder who obtained their password from another site or guessed it because it was commonly used or too simple.

The basic problem is that more secure forms of authentication tend to be off-putting to consumers and thus discourage commercial activity. “Yes, you can improve security,” said Michael Barrett, President of the FIDO Alliance, “but you will do it at the cost of increasing ‘friction’ in the experience. That’s the issue with all of these solutions—they are all just moving along a one-dimensional line of increasing friction.”

Another barrier to better authentication is the jealousy that various players show toward “their” customers. No one wants to let a competitor become the preferred security provider. Vijay Sondhi of Visa explained: “Authentication is the gateway to the power position. If you are the security gateway to everything, you become the first person who touches the consumer. That’s why ‘Connect with Facebook’ is something that Facebook was really smart to develop. That’s why Google is trying to make Gmail ID the gateway for connecting to the world.” “One of the most remarkable, untold stories about Internet privacy,” said Marc Rotenberg of EPIC, “is how Facebook gives everything that you give to your friends, to all of their business partners. In my mind, that’s the worst model of authentication because it’s not necessary and doesn’t serve any real purpose.”

But becoming the “authentication gateway” or “identity provider” is especially important to many corporations because it can be the path by which to acquire people’s personal data. That data may well be more valuable than transactions themselves, and the relationships may evolve into a valuable gateway in its own right for future transactions.

Sondhi added that there are now all sorts of “passive authentication” systems that can enhance the reliability of identifying an individual. The number of apps on a person’s smartphone can actually authenticate a person, for example. And less reliable modes of authentication can be augmented by “step-up mechanisms” that increase the reliability of authentication and thereby mitigate risks. The calibration of authentication is dynamic and improvable.

To experts in the field, authentication is not an “on/off” toggle but a continuum that goes from “easy to use but insecure” to “harder to use and highly secure.” The question facing any authenticating service is typically “how much pain” does it wish to inflict on its end-users for the sake of security.

One growing alternative is biometric authentication, which relies upon people’s fingerprints, eyeball irises or even idiosyncratic personal gestures. There is currently a Silicon Valley startup that is developing an authentication system that assesses how people hold their smartphones as a way to uniquely identify them. The new iPhone 5S offers the option of using a fingerprint as the turnkey for opening the iPhone, and the government of India has recently instituted a fingerprint technology as the basis for issuing universal IDs to all of its citizens. But many people are understandably nervous about providing biometric data to centralized corporate or governmental repositories. The future of biometric authentication over the next five years may also be impeded by a protracted standards war.

A far more secure strategy would be to develop distributed forms of behavioral authentication based on your personal data, said John Clippinger of ID3, the Boston nonprofit that is building a new “social stack” of protocols for the Internet. Clippinger said that ID3 is working on a system that would provide users with “a core identity that is biometrically linked to you and based in the cloud. It could be accessed through a single log-on and key that would give you, and only you, access to other anonymous authentication protocols for what we call ‘personas,’ which would be your particular identities used in your various commercial and personal relationships. For each persona, you could specify the types of information you’re willing to share, which would be reflected in a digital certificate. So you would share only information appropriate to a given relationship. Different types of information could be subject to different levels of authentication.”

What makes such a system superior to many others is that it is context-aware and distributed, said Clippinger. It is entirely possible to get beyond the current tradeoffs in authentication (i.e., reliable authentication = difficulty of use), he argued, but it will require that we use more sophisticated software techniques, distributed systems and new regulatory models.

Clippinger agreed with the earlier point that “whoever is the identity provider acts as the control point.” But a radically different option to centralized control is now possible, he said. ID3 is working on a plan that would empower individuals, and self-organized groups of individuals, to authenticate themselves and each other—“a disruptive solution that will let you be self-sovereign.” In other words, large institutions such as the government, banks and credit bureaus would not be the only ones capable of reliably authenticating a person.

As a technical and social matter, identity-authentication could become democratized—and in the process, new sorts of digital institutions based on reliable authentication of people could emerge. Clippinger said that ID3 is building new digital platforms that would let individuals set up their own bank and data accounts and self-configure their own personalized cloud-based systems. The premise is that the individual is the “natural aggregation point” for controlling data. This vision is becoming more feasible as new network infrastructures and sophisticated distributed authentication techniques become feasible. Because of the inertia of regulatory systems and opposition by incumbents, however, it is more likely that such systems will emerge first in smaller, more innovative countries or in “greenfields” such as Africa, where the technology could leapfrog over the barriers that plague more advanced market economies.

Shane Green of Personal agreed that the most promising trends appear to favor giving the individual control over personal information. Individuals can then manage their own trusted relationships and data-sharing with affiliated partners. “That’s where things are going,” he said, “because people don’t want to be locked into a single technology or environment. This is how the ‘EZ Pass’ described by Walter [Isaacson] will materialize.”

Share On