In many respects, India's 9-year-old Aadhaar national ID system is a global model for simplifying payments, banking and payroll operations. It was designed to be a comprehensive database allowing easy access to bank accounts and other payments mechanisms. As a concept, it worked brilliantly.

But according to data from a report from the Centre For Internet and Society, it also serves as a world-class example of security recklessness, with methods so sloppy that they could have exposed sensitive data about almost a quarter of a billion Indian citizens.

In many respects, India's 9-year-old Aadhaar national ID system is a global model for simplifying payments, banking and payroll operations. It was designed to be a comprehensive database allowing easy access to bank accounts and other payments mechanisms. As a concept, it worked brilliantly. But according to data from a report from the Centre For Internet and Society, it also serves as a world-class example of security recklessness, with methods so sloppy that they could have exposed sensitive data about almost a quarter of a billion Indian citizens.
Have retailers suddenly started developing backbones, in terms of pushing back on payments companies? On Monday (June 27), Kroger sued Visa about how it was implementing EMV, in much the same way that Walmart and Home Depot have done. This follows Walmart kicking Visa out of Canada and a major German company rejecting PayPal after PayPal apologized and reinstated it. Did somebody spike the NRF water fountains with super-caffeine or something? Or have merchants decided that they can push back on payments giants with little risk of meaningful pain?

EMV rules seems to have been the PIN straw that broke the POS camel's back, as even Apple Pay has suffered performance degradations following EMV migrations. The big picture arguments about security—that it's blindingly obvious that PIN is far more secure than signature—are obscured by the reality that this is really a fight about interchange fees. And the EMV argument that the path to PIN must be glacially slow or else American consumers will freak out from the change, despite the fact that most are quite used to PINs from ATMs and debit cards, is frighteningly valid. And here it is in the land of EMV rules that grocery giant Kroger makes it stand.

Have retailers suddenly started developing backbones, in terms of pushing back on payments companies? On Monday (June 27), Kroger sued Visa about how it was implementing EMV, in much the same way that Walmart and Home Depot have done. This follows Walmart kicking Visa out of Canada and a major German company rejecting PayPal after PayPal apologized and reinstated it. Did somebody spike the NRF water fountains with super-caffeine or something? Or have merchants decided that they can push back on payments giants with little risk of meaningful pain?
In the aftermath of the Brexit vote in the U.K., some payments professionals were panicked given the huge number of European Union payments regulations at play. A U.K. that went its own way on payments—just as it did with monetary policy when it stuck with the Pound and never embraced the Euro—could cause confusion and other problems with cross-border transactions.

This issue is critical for payment facilitators for two reasons. First, one of the biggest values offered by PFs is that PFs offer a way for merchants to sidestep payments complexities. With all of this uncertainty throughout the European payments world, confusion could easily make merchants far more open to the idea of bringing in a PF, as a guard against having to deal with a wide range of potentially changing payments rules. Secondly, the other dominant value offered by PFs are services for merchants that go way beyond what is currently offered. Those services include a wide range of offerings, but ways to effortlessly manage cross-border payments in a post-EU payments world would certainly be among them.

In the aftermath of the Brexit vote in the U.K., some payments professionals were panicked given the huge number of European Union payments regulations at play. A U.K. that went its own way on payments—just as it did with monetary policy when it stuck with the Pound and never embraced the Euro—could cause confusion and other problems with cross-border transactions.
On Wednesday (June 22), a German company that had been cut off from payments from PayPal because of German privacy rules lashed back at PayPal. PayPal had backed down, apologized and reinstated the company, but the German firm said it was too angry with PayPal to necessarily return.

This started out as a tale of regulatory disclosures gone wacky and ended up as a story about companies deciding there is only so much payments guff they'll take before rebelling. That second tale started with Walmart's payments heresy move, as it stopped accepting Visa in Canada. The beginning of this tale happened last week, when PayPay insisted on information from the file-sharing company, Seafile, that the company couldn't provide due to German privacy rules.

On Wednesday (June 22), a German company that had been cut off from payments from PayPal because of German privacy rules lashed back at PayPal. PayPal had backed down, apologized and reinstated the company, but the German firm said it was too angry with PayPal to necessarily return.
Of all of the various payments hotspots that payment facilitators need to focus on, gaming—and all of its in-app potential—may be the one of the most lucrative. Witness Tencent Holdings Ltd., which this week confirmed plans to drop $8.6 billion to buy an 84 percent slice of the Finnish maker of the Clash Of Clans mobile game.

Games generate one payment for the initial purchase—which, for a popular game, is tantalizing enough on its own—and then a potentially unlimited number of follow-on purchases as players purchase new weapons or characters or cheats or various upgrades. Game companies are generally great at creating the games, but they need help facilitating effortless payments within those games. Enter PFs.

Of all of the various payments hotspots that payment facilitators need to focus on, gaming—and all of its in-app potential—may be the one of the most lucrative. Witness Tencent Holdings Ltd., which this week confirmed plans to drop $8.6 billion to buy an 84 percent slice of the Finnish maker of the Clash Of Clans mobile game.
For the payments geeks among us, transaction processing can be arresting. But in a bizarre twist, some police are doing both: arresting and processing payments and doing them both in the middle of a traffic stop on the side of the road. Will the familiar flashing-red-light refrain soon be "License, registration and Visa card, please?" In Oklahoma City, the answer might be "yes."

This all comes from a bid request that started with the Oklahoma Department of Public Safety to a Fort Worth supplier named ERAD Group Inc., which specializes in payment offerings for law enforcement.

For the payments geeks among us, transaction processing can be arresting. But in a bizarre twist, some police are doing both: arresting and processing payments and doing them both in the middle of a traffic stop on the side of the road. Will the familiar flashing-red-light refrain soon be "License, registration and Visa card, please?" In Oklahoma City, the answer might be "yes."
The BIN is such a critical part of transactions today that it's taken for granted. And even though it's been said ad nauseum for many years that we're running out of BIN numbers and that a new approach is needed. And ISO's imminent 8-digit BIN standard is intended to address the problem, but the deep integration of BIN means that the transition won't be easy.

Double Diamond President Todd Ablowitz is arguing that this could prove calamitous—necessary but calamitous. The potential damage could be severe, but relatively short-lived. It will be short-lived because updating systems will be relatively straight-forward. The disastrous part is he fears that a very large number of people won't initially realize how critical the BIN change is and then will get hit with oceans of declined transactions until they realize it's all about the BIN change. "People aren't taking actions because they don't realize how much this is actually a really big deal," Ablowitz said. "Because the BIN is used for so very much, if you don't have your BIN set properly, you're not going to know until it's too late."

The BIN is such a critical part of transactions today that it's taken for granted. And even though it's been said ad nauseum for many years that we're running out of BIN numbers and that a new approach is needed. And ISO's imminent 8-digit BIN standard is intended to address the problem, but the deep integration of BIN means that the transition won't be easy.
A brutal reminder of how convoluted and treacherous mobile cross-borders are today was shared by Paytm on Friday (June 10). That's when the Alibaba-backed wallet said that it can't be used for overseas payments based on current regulations, requiring instead that wallet users pay in Indian rupees.

Let's be clear. Paytm is no slouch among mobile wallets and it's backed by Alibaba—the multinational's multinational. If Paytm and its partners can't navigate payments from country to country, that's frightening. "While the mobile technology can create lower cost and friction free alternatives for cross border small value payments, the same is subject to licensing under FEMA (Foreign Exchange Management Act, 1999). Any cross border payments services by the payments bank will be offered subject to FEMA authorizations and RBI approvals. As such, the current Paytm Wallet cannot be used for overseas payments," the Paytm statement said. "As per the existing authorization, the wallet can only be used in India and any impression that the existing Prepaid Payment Instruments (PPI) semi closed wallet can directly used offshore/for cross border transactions is unintentional."

A brutal reminder of how convoluted and treacherous mobile cross-borders are today was shared by Paytm on Friday (June 10). That's when the Alibaba-backed wallet said that it can't be used for overseas payments based on current regulations, requiring instead that wallet users pay in Indian rupees.
After seven years of back-and-forth legal bickering and on the eve of a civil trial, Square on Friday (June 10) blinked and finally settled with Ren Holdings 3 and Robert Morley. The case was the quintessential Silicon Valley founder tiff, involving arguments over who really came up with the key parts of the idea that launched the now-powerful payment facilitator player. (Why do we never see pitched legal battles over who came up with the idea for companies that quickly fizzled and died? Just asking….)

The particular ideas that were mostly at issue were the patent for Square's payment card reader—seems that glass art business owner Jim McKelvey's name was left off, after he allegedly pointed out the payment flaw that was the essence of Square's raison d'etre—and other mobile payment approaches. The argument is that McKelvey came up with the idea and that he discussed it with Jack Dorsey—now the CEO of Square and, in his spare time, Twitter—and Morley. These arguments are classic Silicon Valley. Whose implementation idea is it? The person who noticed the problem and had a vague idea how to make it work, the more technical person who figured out a precise way to make it work, the specialist (in this case, payments expertise) who amended all of the above to work best with the rules and infrastructure of existing reality or the business person who figured out the way to let it generate revenue and profits? It's usually something close to a true collaboration—which makes splitting up the money later more challenging. Also, these interactions are rarely transcribed, beyond some e-mails and texts. If key meetings happened in person, egos and greed-fueled memories dominate. Hello, judge and jury.

After seven years of back-and-forth legal bickering and on the eve of a civil trial, Square on Friday (June 10) blinked and finally settled with Ren Holdings 3 and Robert Morley. The case was the quintessential Silicon Valley founder tiff, involving arguments over who really came up with the key parts of the idea that launched the now-powerful payment facilitator player. (Why do we never see pitched legal battles over who came up with the idea for companies that quickly fizzled and died? Just asking….)
In a telling lawsuit, the U.S. Consumer Financial Protection Bureau (CFPB) on Monday (June 6) sued processor Intercept Corp. and two of its executives for"enabling unauthorized and other illegal withdrawals from consumer accounts by their clients" and ne having "turned a blind eye to blatant warning signs of potential fraud or lawbreaking by its clients."

This move is interesting in that it places processors—and, presumably, others in the payments arena—in the role of quasi-law-enforcement. Is a mobile carrier to blame if customers use their phones to make obscene phonecalls, sell drugs or arrange murders? Is a hardware store to blame if someone buys a hammer and uses it to attack someone?

In a telling lawsuit, the U.S. Consumer Financial Protection Bureau (CFPB) on Monday (June 6) sued processor Intercept Corp. and two of its executives for"enabling unauthorized and other illegal withdrawals from consumer accounts by their clients" and ne having "turned a blind eye to blatant warning signs of potential fraud or lawbreaking by its clients."
For whatever consolation it offers, the feds overseeing payments-related regulatory issues are as apprehensive as payment facilitators. As the payments world is undergoing massive change in new and different ways of handling payments—an area where PFs lead—Justice and Treasury top brass are struggling to figure out the right ways to execute oversight.

Indeed, there's even talk of adopting a European-like saferoom approach, where startups have a limited window to explore and innovate without worrying about regulators cracking down. It's a saferoom in the sense that no idea is too risky to not be explored, even for a limited period of time. In other words, regulators are toying with the idea of whether it's sometimes best to not regulate at all.

For whatever consolation it offers, the feds overseeing payments-related regulatory issues are as apprehensive as payment facilitators. As the payments world is undergoing massive change in new and different ways of handling payments—an area where PFs lead—Justice and Treasury top brass are struggling to figure out the right ways to execute oversight.
The National Retail Federation (NRF) has never been a huge fan of the PCI Security Council. But in a detailed note sent to the U.S. Federal Trade Commission (FTC) late last month, NRF's lawyers crafted an impressive takedown of PCI, arguing that PCI represents a monopoly-like attempt by the card brands to control retailers.

The trigger for the FTC letter appears to be concerns that the FTC might incorporate PCI compliance with recommendations it is preparing—a move that would solidify and increase PCI's leverage and power. This is one of these arguments that is best articulated in the abstract. At the legal abstract hypothetical level, NRF makes an impressive-sounding case that PCI is indeed a powerplay by the cardbrands.

The National Retail Federation (NRF) has never been a huge fan of the PCI Security Council. But in a detailed note sent to the U.S. Federal Trade Commission (FTC) late last month, NRF's lawyers crafted an impressive takedown of PCI, arguing that PCI represents a monopoly-like attempt by the card brands to control retailers.
When the new Auriemma Consulting Group Mobile Pay Tracker report was released on Tuesday (May 31), it delivered some surprises. For example, most mobile wallet consumers do not have their favorite (aka most used) card as the default card in their mobile wallet. Even in April 2016, most mobile users (57 percent) don't have the technology to do almost any mobile payments. The report also detailed the higher incomes of iOS users compared with Android.

Even one of the non-surprising details of the report—that tech brands are more trusted than financial brands-is interesting in its scope, with "banks/financial institutions" getting roughly one-third of the trust points awarded to Apple and performing only slightly better when compared with Google and Samsung. (Note: The exact phrasing of the question is unclear. If the choice was literally "banks/financial institutions," that might not be fair to compare a nameless vertical against specific brands. Had they, however, compared Chase and Wells Fargo to Apple and Google, that would have been more, please forgive me, apples-to-apples.)

When the new Auriemma Consulting Group Mobile Pay Tracker report was released on Tuesday (May 31), it delivered some surprises. For example, most mobile wallet consumers do not have their favorite (aka most used) card as the default card in their mobile wallet. Even in April 2016, most mobile users (57 percent) don't have the technology to do almost any mobile payments. The report also detailed the higher incomes of iOS users compared with Android.
A new set of rules announced by the U.S. Treasury Department in May will force payment facilitators to reveal not only who owns a company, but also whoever controls and/or manages it. This will mean a lot more information will have to be revealed about charities, non-profits and other PF-friendly businesses. The new rules requires that each owner who has more than 25 percent of ownership must be identified, along with anyone who controls or manages the operations, whether or not they are an owner. On the plus side, these rules are not retroactive and won't even start kicking in until July 11, 2016, with required implementation not happening until May 11, 2018.

What are the key PF implications? "PFs that deal in small mom and pops will have no change when there is one owner and she/he is in control," said Deana Rich, head of Rich Consulting. "PFs will have a big change if there are two owners—such as a husband and wife each with 50 percent. In the past, only one was necessary. Now it will be two. But there's an added string. If their kid runs the business, now (the son/daughter) will be required to be IDed as well."

A new set of rules announced by the U.S. Treasury Department in May will force payment facilitators to reveal not only who owns a company, but also whoever controls and/or manages it. This will mean a lot more information will have to be revealed about charities, non-profits and other PF-friendly businesses.
Most privacy policies and terms of service—especially with payments companies—are indeed about privacy. The company's privacy, meaning that they want to keep their customers from knowing it to the extent possible. To that end, most are filled with legalese, are overly long and used the smallest and most difficult to read font as possible.

Square's may be no different in that regard, but on Tuesday (May 31), they announced a slightly different way to deliver it. It was a slight nod to transparency by making both the privacy policy and its terms of service somewhat shorter. No, it didn't surrender any protections. But it created several different versions of each document, crafted for its different kinds of customers. The theory is, in effect, why burden consumers with rules that only apply to merchants? So we decided to dig deep into what these new privacy policies said, Buyer beware.

Most privacy policies and terms of service—especially with payments companies—are indeed about privacy. The company's privacy, meaning that they want to keep their customers from knowing it to the extent possible. To that end, most are filled with legalese, are overly long and used the smallest and most difficult to read font as possible.
Oh, what a tangled web we weave when EMV data we receive. As more major retail chains fully accept EMV payments, Apple Pay is being dealt some serious experience setbacks, such as being asked twice for price verification and being asked for fingerprint biometric authentication and then, a few screens later, a signature. Neither of those steps were part of the Apple Pay process until merchants switched on EMV.

To be clear, those time-wasting moves are not part of the Apple Pay process at all, but are superimposed after the Apple Pay transaction is complete and customers think they are done. The reason this is now happening is due to very strict interpretations of EMV rules—and the fact that the nature of the payment mechanism (beyond that it's contactless) is not always communicated to the POS. Hence, it must assume the worst. When two retailers—Trader Joe's and Whole Foods--last week made the switch through upgraded Verifone POS terminals, customers used to speedy Apple Pay experiences were literally being called back to the checkout lane to complete the additional keystrokes. Before, once Apple Pay's screen said "done" and displayed an animated checkmark, they were free to leave. Not so in an EMV world.

Oh, what a tangled web we weave when EMV data we receive. As more major retail chains fully accept EMV payments, Apple Pay is being dealt some serious experience setbacks, such as being asked twice for price verification and being asked for fingerprint biometric authentication and then, a few screens later, a signature. Neither of those steps were part of the Apple Pay process until merchants switched on EMV.
An interesting MasterCard experiment is going on now at some Pizza Hut restaurants in Asia, where life-size robots take orders and process payments, with the intent of letting more store associates perform more involved customer tasks. (If you'll recall, that was the same argument made for early self-checkout systems.) But what makes this effort different is that these robots are designed to sense emotions and to react accordingly.

Beyond the obvious questions—such as "Is the world ready for empathetic creatures trying to sell you stuffed crust toasted s'mores cookie pizzas?"—there are the implications of emotion-detecting robots named Pepper. ("The name Pepper was chosen because it is a word that is easy to say and understand across many languages and cultures," MasterCard said.) In this deployment, they are named Pepper. The company making these robots, SoftBank Robotics, has created a series of videos depicting their potential. The main video (in Japanese) is worth watching, but be prepared for some serious weirding-out, if my teen daughter will permit me to use that phrase.

An interesting MasterCard experiment is going on now at some Pizza Hut restaurants in Asia, where life-size robots take orders and process payments, with the intent of letting more store associates perform more involved customer tasks. (If you'll recall, that was the same argument made for early self-checkout systems.) But what makes this effort different is that these robots are designed to sense emotions and to react accordingly.
At best, sophisticated analytics software can deliver good answers if the underlying data is accurate and—most critically—is the right data. For a lot of merchants, that is often not the case.

Ralph Dangelmaier, CEO of payment facilitator BlueSnap, is proposing what he sees as a better way, at least for extracting useful answers from payments data. From his perspective, there are two big mistakes that merchants tend to do. First, they give far too much weight to pageviews and site visits from a region, assuming that a lot of activity translates into a lot of sales. And secondly, when those merchants do wisely opt to isolate sales from a region, they neglect to go back and adjust those figures to account for refunds and chargebacks.

At best, sophisticated analytics software can deliver good answers if the underlying data is accurate and—most critically—is the right data. For a lot of merchants, that is often not the case.
Now that Walmart no longer has to pretend to be support CurrentC—thanks to its effective demise, courtesy of MCX's concession to reality—the largest retail chain announced Monday (May 16) that it had rolled out Walmart Pay across 110 Walmart stores in Arkansas and 480 Walmart stores in Texas. Walmart Pay the concept was announced by the merchant back in December. Walmart Pay has been rolled out in a way very different than Walmart wanted to do a mobile payment, but it's a model that has been obviously shaped by Apple Pay.

Like Apple Pay, it supports "any major credit, debit, pre-paid or Walmart gift card." But unlike Apple Pay, it works across iOS and Android devices. And unlike Apple Pay and every other NFC payment method, it can work on a far wider range of phones—especially older phones—that do not support NFC. All the phone needs is the ability to download an app and enough of a camera to scan a QR code. But Walmart Pay suffers a major weakness that Apple Pay doesn't. As long as the shopper is willing to use the default card in Apple Pay, all that the shopper need do is hold the phone right above the card reader. It doesn't need to be connected to any network, nor does the shopper have to launch an app, key in a password or manipulate the app in any way. Contrast that with Walmart Pay, which requires the shopper to find and then open the Walmart app, select Walmart Pay and then manually activate the camera and then scan a register QR code—which as many shoppers will confirm, isn't always that easy to do on the first or second attempt.

Now that Walmart no longer has to pretend to be support CurrentC—thanks to its effective demise, courtesy of MCX's concession to reality—the largest retail chain announced Monday (May 16) that it had rolled out Walmart Pay across 110 Walmart stores in Arkansas and 480 Walmart stores in Texas. Walmart Pay the concept was announced by the merchant back in December. Walmart Pay has been rolled out in a way very different than Walmart wanted to do a mobile payment, but it's a model that has been obviously shaped by Apple Pay.
When MCX on Monday (May 16) issued a statement that "MCX will postpone a nationwide rollout of its CurrentC application," it was akin to U.S. presidential candidates who suspend their campaigns. It's a polite way of saying "it's over" without having to say those words outloud.

But for many reasons, CurrentC never had much of a chance, having been created in the most merchant-centric (OK, I'll admit it: Walmart-centric) manner possible. It's creation was to give retailers a way to sharply cut back interchange fees and it was being pushed by a merchant who was already paying among the very lowest interchange fee percentages of anyone.

When MCX on Monday (May 16) issued a statement that "MCX will postpone a nationwide rollout of its CurrentC application," it was akin to U.S. presidential candidates who suspend their campaigns. It's a polite way of saying "it's over" without having to say those words outloud.