The cost of plastic

7 02 2014

We live in a digital age, and yet all our online and over the phone payments are carried out based on a very non-digital technology – payment cards. Essentially cards are protected by you needing to know a few numbers off the face of the card, and 3 additional security numbers on the back. If you aren’t the only one who knows those numbers, then you aren’t the only one limited to spending on that card.  Yes, there are many new security measures online, such as 3d secure and verified by blah, and yes, there are endless reams of PCI compliancy rules that businesses should follow. But at the end of the day, a bunch of numbers is hardly the easiest thing to secure.

 

The end of cards?

Cards have served us well for a long time now. But the cost of issuing a piece of plastic with some numbers on, isn’t cheap (on such a large scale). The costs of trying to protect those numbers for banks and mainly businesses are always on the increase, and this always results on businesses being charged more to accept a card based payment. What’s worse is, that when that card isn’t physically present, such as online or over the phone (especially when online sales are increasing) the poor old merchant is charged even more for the pleasure of accepting their customer’s payment.

What we must remember is that fraud doesn’t cost your issuing bank much at all. Rather it is the merchant who sold the goods that loses out financially, and they will lose out on the value of whatever they sold. For small businesses that’s quite a risk, especially when they branch out onto the web. I have known many small businesses to be stung like this, loosing thousands in revenue and of course lost product (a double hit for them).

Now we have a number of alternative payment systems and services starting to become available, some in the form of virtual currencies, mobile payments, different payment schemes and processes online (ala PayPal) and these are starting to become quite disruptive to the traditional card schemes and banking business. With alternative payment options growing in popularity, could this possible be the beginning of the end of the card? I say the beginning, as cards are heavily entrenched in our daily lives, and to date, only Starbucks IMHO has shown that consumers and businesses are starting to really make a choice when making a payment – and opting for something other than their card.

 

Digital payments for a digital age

I am a strong believer that when the technology landscape changes drastically, you need to embrace it fully. When cards were first becoming popular, there was no internet, no over the phone payments nor over the phone banking. But the internet is here, and cards haven’t changed at all. The infrastructure hasn’t changed, all that has changed is that software developers let us type in our card details so that the card can be identified. Not much evolution or embracing of the new digital age there.

Payment schemes need to be designed with their current landscape in mind, payments need to be designed for the digital world, which with mobile devices now blends seamlessly at times into the real world. This is what we have done at CloudZync. We have designed a payment scheme for the digital world that can be used online and out there in the real world, day to day via your personal mobile device.

For me, this is just the beginning of looking at how we transact, how commerce takes place, how customer relationships are forged in the real and digital worlds, and it’s an exciting time to be in this space. CloudZync is pushing the boundaries of what we expect from financial products, commerce, customer relationships and in terms of technology making our lives easier. Technology making my life easier and safer as a consumer, and the same applies to businesses. Technology making sales, transactions, experiences and relationships easier to manage and more profitable. To achieve these goals, we must always challenge what has gone before and that includes cards and banks…





Payment Security. Has it been forgotten?

8 11 2013

People may think I’m not being serious with this post title, but I really am. These past few weeks yet more examples of security not being taken seriously in the payments market have emerged. It started with an article I read on Finextra regarding Google bypassing the secure element on an Android phone for NFC based transactions. It’s the launch of HCE (Host Card Emulation).

 

HCE and NFC

I’m not going to go into too many details and technicalities about it, but my own take on the whole situation with HCE, NFC and Google is that Google and the card schemes are changing the rules in which payments are supposed to be made. They are doing this to better fit with their own solutions, and to potentially lock out ventures like ISIS in the US and WEAVE here in the UK and at the risk of security.

There are strict reasons behind PCI compliance and the use of EMV (secured chip and pin to most of us) and it seems that these are now causing issues for Google and others, so instead of looking for real solutions they change the rules. A great take on this can be found on finextra here

 

QR/Barcodes in transactions

These are the choice of many payment solutions out there, including my own companies CloudZync with Zwallet. However, QR and Barcodes are easy to create, especially static ones, so using these for passing payment information has to be taken into consideration, and I would never allow an authorisation of a payment to be made just because a valid code has been scanned. Yet I have witnessed many solutions out there now that do this…

With Zwallet we always make sure the consumer is involved in the authorisation process fully, so we keep intelligence in the process at the cost of 1 second in the transaction process. For me, 1 extra second making a payment is well worth it to aid in security. (I would like to point out that Zwallet transactions are still dramatically quicker than typical card based transactions, even with the added 1 second for security).

 

Security underlying cause for concern?

So what is the underlying cause of security concerns with payments? What really causes so much effort to go into technology a trying to patch security issues or catch fraud post a transaction? The answer is the actual card scheme itself and the infrastructure behind it.

Let’s be real. Cards are amazing. For the last 40 years they have steadily dominated the way in which most of us pay for goods and services. But, has security increased much in that time? A little is the answer. There is a lot more technology backed behind it, but fraud is back on the rise again, so we must ask ourselves why. And the answer is simple, cards were never designed for the digital economy. Everything that we do to utilise the card infrastructure is a cludge, a patch/hack in tech terms. All this technology and security to try and secure something that is very insecure, 16 digits on a card, mixed with two dates and 3 digits on the back.  If we lose control of those details then a fraudster can do whatever they want with our cards, and that’s why so much is invested in fraud detection post a transaction and so much is invested in risk management.

My fear is, while card based transactions using Chip and Pin remain ok, the way we use cards digitally isn’t so secure. Throw into the mix mobile payments and companies actively trying to utilise card details in their solutions to make payments, and holes start to appear. In essence, trying to use technology to secure something that by its nature is not secure causes all sorts of issues. And though great lengths to make things much more secure are possible, the costs behind these rack up.

No matter how you try to secure card details, or to what lengths you go, the fact remains that the infrastructure for cards requires those simple card details, and fraudsters are becoming increasingly intelligent, innovative and capable of getting their hands on those details and using them.

 

The security solution

The only real secure option is to start with a blank sheet of paper for payments and wake up and realise that the digital economy requires payments to be carried out on an infrastructure that is designed for digital transactions from the ground up. It also MUST include more human elements in the process and not just require everything to be automated.

Real intelligence still remains with the consumer and the business. By removing them from the process more and more, we may make the payment process a little quicker, but we increasingly make it less secure. After all, the process of me having to know my PIN to make a payment is far more secure if I have lost my card, compared to just waving my card in front of a reader and making a payment.

These are the reasons behind the security approaches we have at CloudZync, the reasons why we make sure the consumer has to actively be involved in the purchase process and actively have to authorise each and every payment. If we remove them too much, then there are more gaps for fraudsters to exploit.

I’m not saying everything can be 100% secure, it simply can’t, and intelligent innovative fraudsters will always find a way to exploit processes and technology, but we must actively make it as hard as possible, and currently, in the race to stamp authority on possibly the payments method of the future, security seems to be being overlooked…That is a great concern of mine, and should be a great concern for each and every consumer out there and business owner…





The cost of taking our money

29 07 2013

As consumers we don’t really think about the costs involved with doing business, all we care about are the products or services we are looking for, and getting them at the lowest possible price. Oh, and to be fair, there is nothing wrong with that. All consumers know there are costs involved in running a business, but some costs, like a business paying to take our money, we often forget about…

This is something that even the EU is now trying to look into, proposing a cap on the “interchange fee” charged by your bank back to the merchant for taking your money from your debit / credit card. The problem here though, is that those fees will probably move elsewhere, meaning it will be pushed onto the consumer – more than likely in the form of us having to pay annually for the privilege of having a debit / credit card (something many EU banks already do).

So in this post I want to quickly look at costs businesses have to pay in order to take our money…

Someone has to pay, every time we use these

Someone has to pay, every time we use these

 

The average costs

When a business accepts debit / credit cards, they pay for being able to provide that option to us, the consumer. Now you may think that it’s a cost based purely on the transaction process itself, but you would be wrong. Typically, in order to take card payments, a business has to register for merchant services (SMEs and independents usually go through high street banks – though the actual merchant service is usually sub-contracted out). The business pays a monthly fee for this, and the cost of that will depend on the business, amount of transactions they process and their value. But many small businesses, start-ups etc pay around £30 per month per terminal. On top of that, there is a standard flat fee per transaction that goes through the machine, again this will vary in price. For debit cards though, a start-up maybe looking at loosing 20p per transaction, while credit cards may also have a fixed fee associated with them, but will include a fee based on a percentage value of the transaction value. To give you an idea here, this fee could be anything from 1% right up to 4% of the value of the transaction, again depends on your business, your provider etc etc.

Now these fees may seem small, but remember these fees per terminal are per month, and that every single transaction is subject to these fees. When you look at tight operating costs and small profit margins, you all of a sudden see why providing card facilities isn’t always an option for a business.

Here are some facts and figures. The average cost of a credit card transaction (remember average) to a business is 36.2p. This cost drops to 9.6p for debit cards, while handling cash is 1.5p. If you were to calculate your shop sold 100 items in a day – that would mean you have spent £36.20 in handling those transactions (if credit card). Now multiple that by 300 working days (just for simple maths) and you see you have £10,860 lost in credit card charges (not including the monthly fees). Now, for many SMEs, independents, start-ups, actually any business, this is a large chunk of money lost.  Obviously these are just some figures to illustrate my point, and that point is that actually, processing cards is not cheap.

So with these sorts of costs, is it any wonder that businesses want a cheaper alternative, and are actively looking for alternatives.

 

Will Mobile drive down costs?

Mobile payments are the most obvious alternative to typical card transactions. But there are 3 different form factors of mobile payments at the moment:

  1. Typical card processing, but using a mobile phone as a card terminal
  2. Using NFC technology for contactless payments
  3. Use real mobile payments, originating from mobile devices and no need for cards at all

 

So, option 1: Companies like Square, iZettle, Sumup etc provide a dongle that allows any business to turn their smart phone device into a device that allows them to process card transactions. This proposition brings down the monthly cost to the independent and SME business – they no longer need to pay for their merchant accounts with high street banks etc. But these solutions are still expensive for the merchant. Typical fees are at least 3.75% per transaction! That’s very high and ultimately expensive for the merchant. You must remember that these are still card transactions, so in our example earlier, the £30 per month fee may have been removed (saving the company £360 over the year), but their fees have gone up, so still looking at £10,000+ in card charges.

Option 2: Use contactless technology…Well you still need merchant accounts here, so you are still paying your £30 per month (if not more if your bank charges etc for NFC enabled technology). However, your card processing fees will drop a little – and this is because at the moment the interchange fees on an NFC transaction are lower than those associated with Chip and Pin transactions, signatures, and card not present. But this is making only a small dent in the overall fees paid, and again the merchant in our example is shelling out £10,000+

 

Option 3: Real mobile transactions offer real options to merchants. Since they aren’t dependent on card schemes such as VISA, MasterCard, there are less companies involved in the transaction handling process. This means savings can be made in every step of the process, and these savings are passed onto the merchant. Companies like CloudZync and their Zync Wallet product provide drastic savings to businesses. Take our merchant example, with CloudZync the merchant pays no monthly fees, and since they are processing 100 transactions per day, are simply charged 1p per transaction. That means their daily processing fee has dropped from £36.20, down to £1. So the business annual handling fee drops from in excess of £10,000, down to just £300 for the year.

 

Cost of business, and cost of not adding value

What we must remember with mobile though, is the potential here to add value to the merchant – consumer experience and relationship. While cards, cheque and cash provide payment methods, mobile has a lot more to give (just as it does with our emails, social connections, organisers etc). Mobile transactions can be the gateway to greater consumer merchant engagement, better shopping experiences and ultimately, provide a potential tool to ensure business growth.

So while this post really is focussed on the cost of doing business, and potentially doing business with mobile devices, we should also remember the cost of potentially not doing business with mobile devices….Can a business afford to not make processing savings and not increase customer engagement and retention? I don’t know any that can afford to miss out on both…