News Roundup: PayPal and Google Expand Partnership Again

A roundup of some of this week’s headlines includes biometric authentication news from PayPal and Trulioo, as well as a survey about the challenges of small and medium-sized businesses from WePay.

PayPal has further expanded its relationship with Google, announcing that Android Pay users can now make payments at online merchants using their fingerprints as authentication.

A roundup of some of this week’s headlines includes biometric authentication news from PayPal and Trulioo, as well as a survey about the challenges of small and medium-sized businesses from WePay.

Super Sloppy Security Gushes Aadhaar PII

In many respects, India's 9-year-old Aadhaar national ID system is a global model for simplifying payments, banking and payroll operations. It was designed to be a comprehensive database allowing easy access to bank accounts and other payments mechanisms. As a concept, it worked brilliantly.

But according to data from a report from the Centre For Internet and Society, it also serves as a world-class example of security recklessness, with methods so sloppy that they could have exposed sensitive data about almost a quarter of a billion Indian citizens.

In many respects, India's 9-year-old Aadhaar national ID system is a global model for simplifying payments, banking and payroll operations. It was designed to be a comprehensive database allowing easy access to bank accounts and other payments mechanisms. As a concept, it worked brilliantly. But according to data from a report from the Centre For Internet and Society, it also serves as a world-class example of security recklessness, with methods so sloppy that they could have exposed sensitive data about almost a quarter of a billion Indian citizens.

News Roundup: Adyen Doubles Revenue, Mastercard Names New Class of Startups

In a roundup of news from this week, Adyen announces significant growth, Stripe upgrades its Atlas program, Mastercard is taking applicants for summer Start Path Global program, and Wirecard and Alipay continue their expansion.
In a roundup of news from this week, Adyen announces significant growth, Stripe upgrades its Atlas program, Mastercard is taking applicants for summer Start Path Global program, and Wirecard and Alipay continue their expansion.

PayPal, Visa Extend Partnership to APAC

Visa and leading payment facilitator PayPal announced an expansion of a strategic partnership they entered into in the U.S. last summer.

The partnership is an agreement to work jointly to grow the adoption of mobile and digital payments. This latest agreement covers the Asia Pacific region.

As was the case in the U.S., the APAC partnership includes PayPal’s use of the Visa’s Digital Enablement Program (VDEP), which gives PayPal access to Visa’s tokenization technology. This enables PayPal users to conduct secure transactions at point-of-sale locations where Visa is accepted.

Visa and leading payment facilitator PayPal announced an expansion of a strategic partnership they entered into in the U.S. last summer. The partnership is an agreement to work jointly to grow the adoption of mobile and digital payments. This latest agreement covers the Asia Pacific region.

Is Frictionless Onboarding Too Risky?

With frictionless underwriting, it’s easy to sign up for merchant accounts in seconds. If that’s the case, what’s to keep bad actors from signing up for multiple accounts, with multiple service providers?

In the latest in our series of industry perspectives on frictionless onboarding, we talk to Danny Klein, the COO of cyber risk intelligence provider EverCompliant, about how risk has evolved along with the practice.

With frictionless underwriting, it’s easy to sign up for merchant accounts in seconds. If that’s the case, what’s to keep bad actors from signing up for multiple accounts, with multiple service providers? In the latest in our series of industry perspectives on frictionless onboarding, we talk to Danny Klein, the COO of cyber risk intelligence provider EverCompliant, about how risk has evolved along with the practice.

India’s Rapid Digitalization Means More Inclusion – and More Risk

We continue our series on frictionless underwriting this week with a closer look at India’s rapidly changing environment and what it means for onboarding and monitoring merchants.

With the advent of rapid digitalization in India, the race has been on for payments providers to board many merchants quickly.

Companies have responded to the government’s aggressive moves toward a digital economy by announcing a slew of new initiatives intended to bring small merchants into the fold.

With the advent of rapid digitalization in India, the race has been on for payments providers to board many merchants quickly. Companies have responded to the government’s aggressive moves toward a digital economy by announcing a slew of new initiatives intended to bring small merchants into the fold.

Q&A: The Risks and Benefits of Frictionless Underwriting

The advent of frictionless underwriting turned the payments world on its head. The ability to onboard merchants quickly with a minimum of fuss has enabled small merchants to accept payments more easily, clearing the way for many more to enter the market.

But the practice does have its downside. Lowering barriers to entry into the payments system lowers them for everyone, not just the good guys. With that in mind, PaymentFacilitator.com is beginning a series on the perils and the benefits of frictionless underwriting.

The advent of frictionless underwriting turned the payments world on its head. The ability to onboard merchants quickly with a minimum of fuss has enabled small merchants to accept payments more easily, clearing the way for many more to enter the market. But the practice does have its downside. Lowering barriers to entry into the payments system lowers them for everyone, not just the good guys. With that in mind, PaymentFacilitator.com is beginning a series on the perils and the benefits of frictionless underwriting.

Podcast: Why MAC Needs Payment Facilitators

This week, we talk with Melissa Sutherland, director of merchant solutions for LegitScript, a compliance company. Sutherland is also deeply involved with the Merchant Acquirers’ Committee, otherwise known as MAC.

We talk with Sutherland about the benefits of MAC membership and the reasons she’s involved. She shares some of the background behind the formation of the organization. The founders, she said, wanted to feel free to share information with each other about fraud and “didn’t want to be constricted by competition.”

This week, we talk with Melissa Sutherland, director of merchant solutions for LegitScript, a compliance company. Sutherland is also deeply involved with the Merchant Acquirers’ Committee, otherwise known as MAC. We talk with Sutherland about the benefits of MAC membership and the reasons she’s involved. She shares some of the background behind the formation of the organization. The founders, she said, wanted to feel free to share information with each other about fraud and “didn’t want to be constricted by competition.”

Visa on PFs: “It’s a Great Responsibility”

For an established company to grow, it needs to find new paths.

Sometimes, those paths lead somewhere unexpected.

Visa’s payment facilitator program is just such a route. For Visa, the program began simply as a way to expand acceptance of its cards. But it has evolved into much more.

For an established company to grow, it needs to find new paths. Sometimes, those paths lead somewhere unexpected. Visa’s payment facilitator program is just such a route. For Visa, the program began simply as a way to expand acceptance of its cards. But it has evolved into much more.

Podcast: What You Don’t Know Can Hurt You

This week, we talk with Chris Bucolo, director of market strategy for managed security service provider ControlScan, about e-commerce security.

When they take on payments, companies jump into a complex system where all parties are responsible for maintaining data security.

In some cases, payment facilitators are companies that have created applications that work well for the vertical they serve. But they may not always be aware of all the risk elements associated with that application.

This week, we talk with Chris Bucolo, director of market strategy for managed security service provider ControlScan, about e-commerce security. When they take on payments, companies jump into a complex system where all parties are responsible for maintaining data security. In some cases, payment facilitators are companies that have created applications that work well for the vertical they serve. But they may not always be aware of all the risk elements associated with that application.

Podcast: A Sneak Peek at the Upcoming MAC Conference

In this week’s podcast, we’re talking with Vadeene Sisk, chair of the Education Committee and secretary for MAC. She shares her perspective on what the organization does and how it can help payment facilitators. She also lets listeners in on highlights from some of the organization’s recent educational activities, including a popular webinar on what to expect from a Trump administration.
In this week’s podcast, we’re talking with Vadeene Sisk, chair of the Education Committee and secretary for MAC. She shares her perspective on what the organization does and how it can help payment facilitators.</p><p>She also lets listeners in on highlights from some of the organization’s recent educational activities, including a popular webinar on what to expect from a Trump administration.

Global News Roundup: Secure Payment by Live Chat and Best Practices for Merchant Onboarding

In a roundup of briefs from this week’s news, payment tech companies have been busy making deals and introducing new capabilities, India’s payments app is now available for more users, and Aite talks to acquirers about best practices for merchant onboarding.

Australian payment facilitator PromisePay has changed its name to Assembly. The company cited its evolution from an online payments provider to a company focused on customer experience, as the reason for the change.

In a roundup of briefs from this week’s news, payment tech companies have been busy making deals and introducing new capabilities, India’s payments app is now available for more users, and Aite talks to acquirers about best practices for merchant onboarding.

Podcast: Getting the Most Out of Underwriting Tools

In this week’s podcast, we talk to Marcus Smith, senior vice president of Risk Management for iPayment, a provider of payment solutions and processing services, about the tools used in underwriting submerchants.

Smith points out that while underwriting tools themselves are relatively simple, interpreting the results effectively requires some training.

In this week’s podcast, we talk to Marcus Smith, senior vice president of Risk Management for iPayment, a provider of payment solutions and processing services, about the tools used in underwriting submerchants. Smith points out that while underwriting tools themselves are relatively simple, interpreting the results effectively requires some training.

Proposed Cybersecurity Rule Hints at Priority for Regulators

Companies and organizations ranging from the U.S. Chamber of Commerce to banking technology provider Fiserv have submitted comments on a proposed rule from three federal agencies regarding enhanced cyber risk management standards. The advance notice of proposed rulemaking (ANPR) is directed at financial institutions and their service providers. The agencies said that they are considering enhanced standards to mitigate against the impact of technology failures and cyberattacks on one of those entities.

While any resulting rule is unlikely to apply to payment facilitators at this point, that doesn’t mean they should ignore it.

Companies and organizations ranging from the U.S. Chamber of Commerce to banking technology provider Fiserv have submitted comments on a proposed rule from three federal agencies regarding enhanced cyber risk management standards. The advance notice of proposed rulemaking (ANPR) is directed at financial institutions and their service providers. The agencies said that they are considering enhanced standards to mitigate against the impact of technology failures and cyberattacks on one of those entities. While any resulting rule is unlikely to apply to payment facilitators at this point, that doesn’t mean they should ignore it.

News Roundup: PF InstaMed Introduces Secure Token for Patient Portals

In a roundup of this week’s industry news, InstaMed tokenizes payment information for healthcare patient portals, Adyen nearly doubles transaction volume, and PayPal has a busy week.

Payment facilitator InstaMed has introduced what it calls the InstaMed Secure Token. The token enables healthcare providers to integrate payments within their patient portals without storing sensitive payment information on their servers.

In a roundup of this week’s industry news, InstaMed tokenizes payment information for healthcare patient portals, Adyen nearly doubles transaction volume, and PayPal has a busy week.

News Roundup: PF MCPayment Takes Controlling Stake in Alipay Acquirer Genesis Payment Solutions

In our roundup of this week’s industry news, a Singapore PF looks to expand with an Alipay acquirer and Intuit comes to an agreement over data sharing with JPMorgan Chase.

Singapore payment facilitator MCPayment announced that it has taken a controlling stake in Genesis Payment Solutions, a company licensed to acquire merchants on behalf of Alipay.

In our roundup of this week’s industry news, a Singapore PF looks to expand with an Alipay acquirer and Intuit comes to an agreement over data sharing with JPMorgan Chase.

Western Union Settlement a Reminder for PFs: AML Responsibility Doesn’t End at Onboarding

In the announcement last week that Western Union had agreed to pay $586 million as part of a settlement with the Justice Department and the Federal Trade Commission to resolve investigations into anti-money laundering and consumer fraud violations, authorities described the settlement as the “largest forfeiture ever imposed on a money services business.”

What should payment facilitators take away from this settlement?

In the announcement last week that Western Union had agreed to pay $586 million as part of a settlement with the Justice Department and the Federal Trade Commission to resolve investigations into anti-money laundering and consumer fraud violations, authorities described the settlement as the “largest forfeiture ever imposed on a money services business.” What should payment facilitators take away from this settlement?

Podcast: Underwriting Submerchants – How Responsible Are Acquirers?

Last week, we spoke with Deana Rich about the special considerations behind underwriting payment facilitators. This week we take our focus on underwriting in the payment facilitator space a step farther. We talk with Eric Haru, executive vice president, Risk and Compliance, for Merchant e-Solutions about underwriting submerchants.
Last week, we spoke with Deana Rich about the special considerations behind underwriting payment facilitators. This week we take our focus on underwriting in the payment facilitator space a step farther. We talk with Eric Haru, executive vice president, Risk and Compliance, for Merchant e-Solutions about underwriting submerchants.

Podcast: Underwriting Payment Facilitators Demystified

This week we’re talking with Rich Consulting president and compliance expert Deana Rich about underwriting payment facilitators. How is it different from underwriting other entities, and what are some of the special considerations?

Acquirers who are thinking about entering a relationship with a payment facilitator need to fully understand the risks and how to control them before making the commitment, Rich said.

This week we’re talking with Rich Consulting president and compliance expert Deana Rich about underwriting payment facilitators. How is it different from underwriting other entities, and what are some of the special considerations?

Podcast: Was 2016 the Year of the Service Provider Breach?

This week we’re talking with Chris Bucolo, director of market strategy for managed security service provider ControlScan. Last week, Bucolo wrote a guest post for PaymentFacilitator.com in which he talked about how risk is viewed and managed within the payment facilitator space. He expands on the topic in this conversation.
This week we’re talking with Chris Bucolo, director of market strategy for managed security service provider ControlScan. Last week, Bucolo wrote a guest post for PaymentFacilitator.com in which he talked about how risk is viewed and managed within the payment facilitator space. He expands on the topic in this conversation.

Payment Facilitators and Risk: How the Market Views Submerchants

There is plenty of evidence that the payment facilitator market will grow significantly over the next few years. There are multiple drivers for this growth, including the belief that the increased complexity of compliance/security requirements for merchants will generate more interest in this payments model.

Although there is general agreement that the growth potential is large, there is a divergent set of opinions on how risky the model is, and how risk needs to be approached.

There is plenty of evidence that the payment facilitator market will grow significantly over the next few years. There are multiple drivers for this growth, including the belief that the increased complexity of compliance/security requirements for merchants will generate more interest in this payments model. Although there is general agreement that the growth potential is large, there is a divergent set of opinions on how risky the model is, and how risk needs to be approached.

Machine Learning Powers Stripe’s New Fraud Prevention Tool

As card transaction volume grows, so does the level of fraud associated with those transactions.

In fact, growth in fraud is outpacing the growth in electronic transaction volume, according to new research from The Nilson Report. The publication said in a press release that global card fraud losses grew by 20.6% to total $21.84 billion last year, while transaction volume grew by 7.3%.

With statistics as grim as this, a smart approach to fraud detection is on many payment facilitators’ minds.

As card transaction volume grows, so does the level of fraud associated with those transactions. In fact, growth in fraud is outpacing the growth in electronic transaction volume, according to new research from The Nilson Report. The publication said in a press release that global card fraud losses grew by 20.6% to total $21.84 billion last year, while transaction volume grew by 7.3%.

European News Roundup: iZettle introduces intelligentpos to Germany, Britons Ditching Their Wallets

In a wrap of news from Europe this week, a payment facilitator expands its POS system outside the U.K., Mastercard released research about what Britons are carrying in their wallets, and Visa announced when it will activate its 3D Secure 2.0 program in Europe.
In a wrap of news from Europe this week, a payment facilitator expands its POS system outside the U.K., Mastercard released research about what Britons are carrying in their wallets, and Visa announced when it will activate its 3D Secure 2.0 program in Europe.

Are APIs Vulnerable? Two Crucial Places PFs Should Focus Now to Help Mitigate Risk

In the payment facilitator world, APIs are everywhere you look. In many cases, they’re the mechanism that allows the system to work – enabling payments infrastructure to integrate with other functions in a way that solves businesses’ unique problems.

So not surprisingly, API security is a hot topic. Does the use of APIs leave merchants more vulnerable to fraud? What are the special security considerations?

Not surprisingly, API security is a hot topic. Does the use of APIs leave merchants more vulnerable to fraud? What are the special security considerations?

Podcast: Comprehensive Resources for PFs in New Guidelines from ETA

In this week’s PaymentFacilitator.com podcast, we talk to Jason Oxman, CEO of the Electronic Transactions Association. On Thursday (Oct. 20), the organization is releasing its new payment facilitator guidelines at its 2016 Strategic Leadership Forum in Palm Beach, Fla.

The document is intended to serve as a toolkit for best practices related to fraud detection and prevention, Oxman said.

In this week’s PaymentFacilitator.com podcast, we talk to Jason Oxman, CEO of the Electronic Transactions Association. On Thursday (Oct. 20), the organization is releasing its new payment facilitator guidelines at its 2016 Strategic Leadership Forum in Palm Beach, Fla.

The Latest Fraud Panacea: 3D Secure 2.0! Well, We’ll See

The line between fraud prevention and bad customer experience continues to be a tightrope the payments industry has to walk. While the correct balance hasn’t yet been struck, industry watchers are bracing for another attempt when EMVCo releases 3DSecure 2.0 later this year.

EMVCo, a technical body overseen by its six member organizations – American Express, Discover, JCB, Mastercard, UnionPay, and Visa – is currently collecting industry feedback on a draft version of the revised specification, with the final version expected to be released this year. But will it be an improvement? And what should payment facilitators be watching for?

The line between fraud prevention and bad customer experience continues to be a tightrope the payments industry has to walk. While the correct balance hasn’t yet been struck, industry watchers are bracing for another attempt when EMVCo releases 3DSecure 2.0 later this year.

Mastercard Launches “Selfie Pay” in Europe

Finally, a good use for selfies.

This week Mastercard announced that it is officially rolling out its biometric authentication technology, what it’s unofficially calling “Selfie Pay,” in Europe. Following on the heels of pilots in the Netherlands as well as the U.S. and Canada earlier this year, Mastercard is introducing the technology in 12 countries across Europe.

Finally, a good use for selfies. This week Mastercard announced that it is officially rolling out its biometric authentication technology, what it’s unofficially calling “Selfie Pay,” in Europe. Following on the heels of pilots in the Netherlands as well as the U.S. and Canada earlier this year, Mastercard is introducing the technology in 12 countries across Europe.

Podcast: The Small Merchant’s Response to a Breach is to Pretend It Didn’t Happen

Of the seven stages of grief, the most remembered is denial. It's certainly remembered by small merchants, who often bizarrely gravitate to denial when they are told that they have been breached. At least that's how Chris Geron, chairman of the MAC Government Relations Committee, sees it.

The justifications for this denial are many, Geron said in this week's PaymentFacilitator.com podcast, a re-run from May 25. Some cling to the absurd belief that being granted a letter of PCI compliance means "that it's not possible to be breached," Geron said. Other small merchants react negatively to a notification from a cardbrand, bank or processor. "Small retailers often believe that if the information has not been shared with them by law enforcement, that the allegation of a breach is not true," Geron said. And some smaller store chains believe that only large chains get breached, he said, despite the fact that the opposite is true. But the most likely reality-denying aspect is financial.

Of the seven stages of grief, the most remembered is denial. It's certainly remembered by small merchants, who often bizarrely gravitate to denial when they are told that they have been breached. At least that's how Chris Geron, chairman of the MAC Government Relations Committee, sees it.

Unregistered Third Party Regpack’s Exposure Of 324,000 Transactions Proves A Cautionary Tale For PFs

A July exposure of transaction records from 899 submerchants serviced by payment facilitator BlueSnap highlights an important lesson for PFs.

In addition to making sure their own houses are in order, they bear responsibility for their submerchants and service providers as well. PFs who control all aspects of the card entry, where it’s impossible for a transaction to enter outside of their interface, may be able to certify compliance on behalf of all their submerchants. However, if any submerchant or service providers could conceivably get access to card data, the PF must ensure they are certified and registered. BlueSnap had to learn that the hard way.

A July exposure of transaction records from 899 submerchants serviced by payment facilitator BlueSnap highlights an important lesson for PFs.

Strong Authentication? Unanimous, But Many Say EU Proposed Rules Risk Sacrificing Innovation And Growth

As the European Union nears the creation of new rules on payments providers for consumer authentication, many question their utility.

The European Banking Authority's proposed rules say that service providers have to choose two of three verification methods: knowledge (such as a password), possession (a card, phone or wearable) and/or inherence (fingerprints, voice or iris scan, for example).

As the European Union nears the creation of new rules on payments providers for consumer authentication, many question their utility.

Tipalti Acts Like A PF In More Ways Than Taking Payments

Tipalti does a lot of things a PF does, except take credit card payments. The B2B accounts payable software service accepts six payment methods and does pre-payment checks against AML and OFAC lists and enables global payments, herding 26,000 payments rules and 120 currencies while streamlining supplier onboarding and providing everything but tax returns to its clients.

Tipalti just got $14 million in funding and chief marketing officer Rob Israch says accepting card payments is most likely in its future. It's another example of a perfect candidate to become a PF, but Israch says because it uses so many partners to do what it does, when it offers card payments to suppliers, freelancers, etc., the facilitation would most likely be outsourced. The company helps pay approximately 750,000 suppliers and remits $2 billion annually.

Tipalti does a lot of things a PF does, except take credit card payments.
The B2B accounts payable software service accepts six payment methods and does pre-payment checks against AML and OFAC lists and enables global payments, herding 26,000 payments rules and 120 currencies while streamlining supplier onboarding and providing everything but tax returns to its clients.

Podcast: MAC Regional Meeting Brings Together Hundreds Of Years Of Experience

In Dallas Sep. 27 the Merchant Acquirers Committee (MAC) hosts its Midwestern Regional Training meeting, one of its three regional gatherings packed with presentations and networking. Non MAC members are welcome to the all-day event that features seven sessions on topics presented by company executives from Visa, Mastercard, Rich Consulting, Mitigator, Kount, and Aperia.

Jim Bibles, vice president and chief compliance officer at Aperia and a MAC director, said in this week's paymentfacilitator.com podcast that the day is capped by a roundtable moderated by himself and Rich Consulting president Deana Rich. They enable the audience to ask questions that most times are answered by someone in the room, either a moderator or audience member.

In Dallas Sep. 27 the Merchant Acquirers Committee (MAC) hosts its Midwestern Regional Training meeting, one of its three regional gatherings packed with presentations and networking. Non MAC members are welcome to the all-day event that features seven sessions on topics presented by company executives from Visa, Mastercard, Rich Consulting, Mitigator, Kount, and Aperia.

Call Center Fraud Potential Keeping Consumers From Paying By Phone

Over half percent of UK consumers, 69 percent of U.S. consumers, and 60 percent of Australian consumers say they are becoming hesitant to make payments by phone.

A consumer survey by Syntec, one of the UK’s leading call center systems specialists, reveals that consumers in the U.S.and Australia agree with UK consumers: to decrease fraud, call centers should use the latest technology to hide payment card data from call center agents and call recordings.

Over half percent of UK consumers, 69 percent of U.S. consumers, and 60 percent of Australian consumers say they are becoming hesitant to make payments by phone.

Innovation In ID Technology Speeds KYC In India

Indian payment facilitator Paytm will be onboarding customers for its payments bank with eKYC enabled by India's voluntary national identification program, Aadhaar.

As of Sep. 5, 2016, 87 percent of India's 1.2 billion people had registered for the unique 12-digit number. To register, residents have to bring three forms of identification (proof of identity, proof of address, proof of birthdate) to an enrollment center, where their fingerprints and irises will be scanned.

Indian payment facilitator Paytm will be onboarding customers for its payments bank with eKYC enabled by India's voluntary national identification program, Aadhaar.

Guest Post: Be Prepared – Cyberfraud Is Stronger Than Ever

There has been a 50 percent increase in global cybercrime attacks, with 1 out of 10 new account applications now being rejected. This reflects the dual challenge of a rising threat as well as the potential for considerable impact on customer experience. These statistics come from a ThreatMetrix report named "ThreatMetrix Cybercrime Report," and it gives a number of other powerful warnings:

*A larger supply of stolen identities not surprisingly leads to a growing number of attacks based on those identities. As those identities are shared, sold, and further distributed, the risk multiplies; the report shows a 250 percent year over year increase.

There has been a 50 percent increase in global cybercrime attacks, with 1 out of 10 new account applications now being rejected. This reflects the dual challenge of a rising threat as well as the potential for considerable impact on customer experience. These statistics come from a ThreatMetrix report named "ThreatMetrix Cybercrime Report," and it gives a number of other powerful warnings:

Mastercard And Visa Gain Strength, But Did PayPal?

The deal between Mastercard and PayPal announced Sep. 6 was different for a day than the Visa-PayPal partnership announced in July. Mastercard spokesperson Robyn Cottelli says being a payment choice in PayPal's checkout is crucial, but not the only draw.

"Our thoughtful approach to the partnership with PayPal was not just focused on prominence as a payment option, but going beyond what we’ve seen Visa announce to drive further value for Mastercard and our partners," Cotelli tells paymentfacilitator.com.

The deal between Mastercard and PayPal announced Sep. 6 was different for a day than the Visa-PayPal partnership announced in July. Mastercard spokesperson Robyn Cottelli says being a payment choice in PayPal's checkout is crucial, but not the only draw.

Podcast: Cozy A Great Example Of A Could-Be PF

Cozy, a platform to streamline interactions between property managers and renters, just secured what it hopes is its last round of funding, an $8.5 million Series B led by American Family Ventures. The four-year-old company strives to make the renting process between independent landlords and renters simple, secure and intuitive.

In three years Cozy has worked with three payment processors –BancBox, Balanced Payments, and currently Stripe--and vice president of engineering Rob Galanakis shared on this week's paymentfacilitator.com podcast the company's trials and tribulations with the churn and the decision whether to become a payment facilitator.

Cozy, a platform to streamline interactions between property managers and renters, just secured what it hopes is its last round of funding, an $8.5 million Series B led by American Family Ventures. The four-year-old company strives to make the renting process between independent landlords and renters simple, secure and intuitive.

Tech Mobile Contactless Marketing Could Turn The U.S. EMV Frown Upside Down

More than a decade after the U.S. payments community tried and failed to make contactless payments work, EMV resentment and a well-funded mobile payment app movement may make U.S. contactless payments not merely viable, but vibrant—perhaps as soon as late 2018.

One result could be that the U.S. adopts mobile contactless payments before and in higher numbers than chip cards as tech giants like Apple and Samsung and Google blitz consumers with mobile payment app marketing that was not a factor when the country tried contactless a decade ago.

More than a decade after the U.S. payments community tried and failed to make contactless payments work, EMV resentment and a well-funded mobile payment app movement may make U.S. contactless payments not merely viable, but vibrant—perhaps as soon as late 2018.

If Chargebacks And False Declines Are The Problem, PFs Are A Solution

Chargebacks and false declines present many problems to merchants and issuers alike but where there's complications, there's payment facilitator opportunity, says one risk management expert.

"Whereas merchants may not be familiar with all aspects of payment processing and risk management controls, payment facilitators provide affordable accessibility to systems, knowledge and focused expertise that may otherwise be unattainable," says Marcus Smith, the senior vice president of risk management for processor iPayment Inc. "Due to scale and buying power, payment facilitators can also allow merchants to benefit from their data acquisition, proprietary and third party technology and other value added service that meet the needs of their aggregate clientele. Ultimately, payment facilitators can eliminate various administrative costs and distractions allowing merchants to place their money, time and attention on managing and growing their business."

Chargebacks and false declines present many problems to merchants and issuers alike but where there's complications, there's payment facilitator opportunity, says one risk management expert.

EMV Roundup: Security Flaw? Mobile Device Approval And Requirements Update

There was a host of stories last week on the occasion of the 10-month anniversary of the Oct. 15, 2015 EMV migration date. While there have been extensions to the date of transfer of liability from issuers to non-EMV enabled merchants, apparently the story writers couldn’t wait for the more traditional annual lookback. Major data thus far: the U.S. is the only region in the world where chip card usage is lower than chip card deployment and adoption, and is last by far of the globe's six regions in both deployment and use.

Some real developments around EMV took place this past week though, as the pursuit of a more robust infrastructure and consumer acceptance continues:

There was a host of stories last week on the occasion of the 10-month anniversary of the Oct. 15, 2015 EMV migration date. While there have been extensions to the date of transfer of liability from issuers to non-EMV enabled merchants, apparently the story writers couldn’t wait for the more traditional annual lookback. Major data thus far: the U.S. is the only region in the world where chip card usage is lower than chip card deployment and adoption, and is last by far of the globe's six regions in both deployment and use.

Podcast: Transaction Laundering — How Not To Get Taken To The Cleaners

One of the cyberthief's favorite tactics these days is transaction laundering, where the bad guy takes their bad transactions—usually for drugs, gambling, counterfeit goods or human trafficking—and runs them through seemingly good web sites, ones ostensibly trying to sell innocuous products.

There are things that a payment facilitator can do to thwart such efforts and that is the focus of this week's podcast, a re-run from March 30, featuring Deana Rich, president of Rich Consulting.

One of the cyberthief's favorite tactics these days is transaction laundering, where the bad guy takes their bad transactions—usually for drugs, gambling, counterfeit goods or human trafficking—and runs them through seemingly good web sites, ones ostensibly trying to sell innocuous products.

PIN Is Not A Win. Merchants Don’t Get That

Don't pin your hopes on PIN. That's the advice of a report from the Aite Group, which claims that the cost of having to implement PIN for all card transactions, especially for merchants who don’t already have PIN pads, may just not be worth the expense considering the limited impact on fraud and merchant liability.

The report "Chip Cards in the United States: The PIN, PINless, Debit, Credit Conundrum" says because merchants misunderstand fraud and their own liability risks, a large majority (65 percent of those surveyed) are in favor of implementing chip and PIN in EMV card transactions. None of the issuers surveyed were in favor of it.

Don't pin your hopes on PIN. That's the advice of a report from the Aite Group, which claims that the cost of having to implement PIN for all card transactions, especially for merchants who don’t already have PIN pads, may just not be worth the expense considering the limited impact on fraud and merchant liability.

On China’s Payments SuperHighway, Regulators Stomp The Brakes And AsiaPay Hits The Gas

When you drive on rough roads you don't have to slow down, but you do steer more carefully, guiding your car to smoother surfaces. Chinese payment facilitator AsiaPay is welcoming China's recent regulation tightening as a move to help clean up the country's payments industry's fraud-infested reputation. AsiaPay is reading the new road sign as it zooms by, according to our interview with its CEO Joseph Chan, a key player in the massive payments market that is China.

How massive? In their 2015 report on global payments, Capgemini and the Royal Bank of Scotland said China's non-cash transaction volume growth in 2013 led the world's countries at 37 percent, with the region they call Emerging Asia (India, China, Hong Kong and other Asian countries) leading global regions with more than 21 percent growth. Alipay and WeChat are the dominant third party service providers in the online and mobile payments. ApplePay and SamsungPay have entered the market as well, though they use NFC rather than the QR code conduit favored by Alipay and WeChat.

When you drive on rough roads you don't have to slow down, but you do steer more carefully, guiding your car to smoother surfaces. Chinese payment facilitator AsiaPay is welcoming China's recent regulation tightening as a move to help clean up the country's payments industry's fraud-infested reputation. AsiaPay is reading the new road sign as it zooms by, according to our interview with its CEO Joseph Chan, a key player in the massive payments market that is China.

Global Mobile Brew Is Strong

Turkish coffee is almost as strong as Turkish use of mobile devices for banking and shopping and payments, but not as strong as the payments industry action in Europe. The Turks led a group of 15 countries in most of the categories of questions asked about mobile device usage for a recently released report on mobile banking, mobile shopping and mobile payments conducted for ING International by Ipsos.

The report is titled ING International Survey Mobile Banking 2016 but as ING economist Ian Bright explains, one thing has led to another, as it usually does in fintech, and banking only scratches the surface now, four years after its first mobile banking report.

Turkish coffee is almost as strong as Turkish use of mobile devices for banking and shopping and payments, but not as strong as the payments industry action in Europe. The Turks led a group of 15 countries in most of the categories of questions asked about mobile device usage for a recently released report on mobile banking, mobile shopping and mobile payments conducted for ING International by Ipsos.

Podcast: MAC Wants YOU To Learn Payment Facilitator Mastery

If you want to hang out at the Federal Reserve Bank of Atlanta, exchanging payment facilitator information and battle scars, you only need to join the Merchant Acquirers Committee (MAC). New and veteran payment facilitators can climb their steep learning curve with help from the members of the MAC; experienced peers, vendors, lawyers, government representatives and card brands exchange information and lessons learned to advance the cause of the payments industry.

"Membership in MAC is a huge opportunity because you can apply your questions to a wealth of knowledge from years and years of experience," said Dione Hodges, MAC's senior director of risk management. "From a payment facilitator standpoint, what you've found challenging today someone has already experienced previously."

If you want to hang out at the Federal Reserve Bank of Atlanta, exchanging payment facilitator information and battle scars, you only need to join the Merchant Acquirers Committee (MAC). New and veteran payment facilitators can climb their steep learning curve with help from the members of the MAC; experienced peers, vendors, lawyers, government representatives and card brands exchange information and lessons learned to advance the cause of the payments industry.

Chargeback Mitigation Date Is Nigh For Visa While MasterCard Says It Has Already Begun

July 22 is TVIF --Thank Visa It's Friday – for non-EMV compliant merchants, especially small merchants and the payment facilitators who target them. That day Visa will ease the burden on merchants not yet compliant with EMV hardware and/or certification of that hardware by blocking all U.S. counterfeit fraud chargebacks under $25 until April 2018.

It's a big deal that the giant brand is paying attention to the little guys, who not only win financially but also save time and headaches involved with chargebacks.

July 22 is TVIF --Thank Visa It's Friday – for non-EMV compliant merchants, especially small merchants and the payment facilitators who target them. That day Visa will ease the burden on merchants not yet compliant with EMV hardware and/or certification of that hardware by blocking all U.S. counterfeit fraud chargebacks under $25 until April 2018.

Kroger Details Its Fun-Filled Visa Negotiations

Have retailers suddenly started developing backbones, in terms of pushing back on payments companies? On Monday (June 27), Kroger sued Visa about how it was implementing EMV, in much the same way that Walmart and Home Depot have done. This follows Walmart kicking Visa out of Canada and a major German company rejecting PayPal after PayPal apologized and reinstated it. Did somebody spike the NRF water fountains with super-caffeine or something? Or have merchants decided that they can push back on payments giants with little risk of meaningful pain?

EMV rules seems to have been the PIN straw that broke the POS camel's back, as even Apple Pay has suffered performance degradations following EMV migrations. The big picture arguments about security—that it's blindingly obvious that PIN is far more secure than signature—are obscured by the reality that this is really a fight about interchange fees. And the EMV argument that the path to PIN must be glacially slow or else American consumers will freak out from the change, despite the fact that most are quite used to PINs from ATMs and debit cards, is frighteningly valid. And here it is in the land of EMV rules that grocery giant Kroger makes it stand.

Have retailers suddenly started developing backbones, in terms of pushing back on payments companies? On Monday (June 27), Kroger sued Visa about how it was implementing EMV, in much the same way that Walmart and Home Depot have done. This follows Walmart kicking Visa out of Canada and a major German company rejecting PayPal after PayPal apologized and reinstated it. Did somebody spike the NRF water fountains with super-caffeine or something? Or have merchants decided that they can push back on payments giants with little risk of meaningful pain?

For Brexit Payments, A Big PF Opportunity

In the aftermath of the Brexit vote in the U.K., some payments professionals were panicked given the huge number of European Union payments regulations at play. A U.K. that went its own way on payments—just as it did with monetary policy when it stuck with the Pound and never embraced the Euro—could cause confusion and other problems with cross-border transactions.

This issue is critical for payment facilitators for two reasons. First, one of the biggest values offered by PFs is that PFs offer a way for merchants to sidestep payments complexities. With all of this uncertainty throughout the European payments world, confusion could easily make merchants far more open to the idea of bringing in a PF, as a guard against having to deal with a wide range of potentially changing payments rules. Secondly, the other dominant value offered by PFs are services for merchants that go way beyond what is currently offered. Those services include a wide range of offerings, but ways to effortlessly manage cross-border payments in a post-EU payments world would certainly be among them.

In the aftermath of the Brexit vote in the U.K., some payments professionals were panicked given the huge number of European Union payments regulations at play. A U.K. that went its own way on payments—just as it did with monetary policy when it stuck with the Pound and never embraced the Euro—could cause confusion and other problems with cross-border transactions.

PayPal Reinstates German Company, Apologizes. Company: Thanks, But No Thanks

On Wednesday (June 22), a German company that had been cut off from payments from PayPal because of German privacy rules lashed back at PayPal. PayPal had backed down, apologized and reinstated the company, but the German firm said it was too angry with PayPal to necessarily return.

This started out as a tale of regulatory disclosures gone wacky and ended up as a story about companies deciding there is only so much payments guff they'll take before rebelling. That second tale started with Walmart's payments heresy move, as it stopped accepting Visa in Canada. The beginning of this tale happened last week, when PayPay insisted on information from the file-sharing company, Seafile, that the company couldn't provide due to German privacy rules.

On Wednesday (June 22), a German company that had been cut off from payments from PayPal because of German privacy rules lashed back at PayPal. PayPal had backed down, apologized and reinstated the company, but the German firm said it was too angry with PayPal to necessarily return.

How To Get Cracking On Your PayFac-ing

There are at least two great reasons to jump into the payment facilitator game-- increased revenues and market share—and many many tools to help. One of those tools is advice from the hard-won success achieved by those who have made the leap.

In a session on the ins and outs of starting a payfac at the second annual Payment Facilitator Day at Transact16 in April, Kevin Harris of RunSignUp said training people was more of a challenge than software concerns, and David Weiss of Yapstone shared the difficulties of international expansion. Nick Starai of gateway tech company NMI told the audience to concentrate on the business they know best rather than focus on technological bells and whistles. The highlights of the discussion fill this week's paymentfacilitator.com podcast, the next best thing to having been there.

There are at least two great reasons to jump into the payment facilitator game-- increased revenues and market share—and many many tools to help. One of those tools is advice from the hard-won success achieved by those who have made the leap.

Fraud And Compliance And Rules, Oh My!

The pain of keeping all the rules and regulations straight for a payment facilitator is only exceeded by the pain of not keeping them straight. A PF has to protect itself from merchant problems with underwriting and monitoring, while adhering to the mandates from card brands and acquirers. It's a lot now, but as everyone knows, there's more coming.

As heard in this week's edition of the PaymentFacilitator.com podcast, the best PFs can do to mitigate excessive regulation from without is to do more within, said Rich Consulting president Deana Rich, moderator of the session Emerging Threats Cage Match: Compliance v. Fraud at the second annual Payment Facilitator Day at Transact 16 in April.

The pain of keeping all the rules and regulations straight for a payment facilitator is only exceeded by the pain of not keeping them straight.

A PF has to protect itself from merchant problems with underwriting and monitoring, while adhering to the mandates from card brands and acquirers. It's a lot now, but as everyone knows, there's more coming.

BIN There, But Many Forgot To Done That

The BIN is such a critical part of transactions today that it's taken for granted. And even though it's been said ad nauseum for many years that we're running out of BIN numbers and that a new approach is needed. And ISO's imminent 8-digit BIN standard is intended to address the problem, but the deep integration of BIN means that the transition won't be easy.

Double Diamond President Todd Ablowitz is arguing that this could prove calamitous—necessary but calamitous. The potential damage could be severe, but relatively short-lived. It will be short-lived because updating systems will be relatively straight-forward. The disastrous part is he fears that a very large number of people won't initially realize how critical the BIN change is and then will get hit with oceans of declined transactions until they realize it's all about the BIN change. "People aren't taking actions because they don't realize how much this is actually a really big deal," Ablowitz said. "Because the BIN is used for so very much, if you don't have your BIN set properly, you're not going to know until it's too late."

The BIN is such a critical part of transactions today that it's taken for granted. And even though it's been said ad nauseum for many years that we're running out of BIN numbers and that a new approach is needed. And ISO's imminent 8-digit BIN standard is intended to address the problem, but the deep integration of BIN means that the transition won't be easy.

CFBP Wants Payments Firms To Police Consumers

In a telling lawsuit, the U.S. Consumer Financial Protection Bureau (CFPB) on Monday (June 6) sued processor Intercept Corp. and two of its executives for"enabling unauthorized and other illegal withdrawals from consumer accounts by their clients" and ne having "turned a blind eye to blatant warning signs of potential fraud or lawbreaking by its clients."

This move is interesting in that it places processors—and, presumably, others in the payments arena—in the role of quasi-law-enforcement. Is a mobile carrier to blame if customers use their phones to make obscene phonecalls, sell drugs or arrange murders? Is a hardware store to blame if someone buys a hammer and uses it to attack someone?

In a telling lawsuit, the U.S. Consumer Financial Protection Bureau (CFPB) on Monday (June 6) sued processor Intercept Corp. and two of its executives for"enabling unauthorized and other illegal withdrawals from consumer accounts by their clients" and ne having "turned a blind eye to blatant warning signs of potential fraud or lawbreaking by its clients."

Feds Peer Into Payments Regulatory Crystal Ball—And Get Headaches

For whatever consolation it offers, the feds overseeing payments-related regulatory issues are as apprehensive as payment facilitators. As the payments world is undergoing massive change in new and different ways of handling payments—an area where PFs lead—Justice and Treasury top brass are struggling to figure out the right ways to execute oversight.

Indeed, there's even talk of adopting a European-like saferoom approach, where startups have a limited window to explore and innovate without worrying about regulators cracking down. It's a saferoom in the sense that no idea is too risky to not be explored, even for a limited period of time. In other words, regulators are toying with the idea of whether it's sometimes best to not regulate at all.

For whatever consolation it offers, the feds overseeing payments-related regulatory issues are as apprehensive as payment facilitators. As the payments world is undergoing massive change in new and different ways of handling payments—an area where PFs lead—Justice and Treasury top brass are struggling to figure out the right ways to execute oversight.

NRF Mounts An Impressive Takedown Of PCI

The National Retail Federation (NRF) has never been a huge fan of the PCI Security Council. But in a detailed note sent to the U.S. Federal Trade Commission (FTC) late last month, NRF's lawyers crafted an impressive takedown of PCI, arguing that PCI represents a monopoly-like attempt by the card brands to control retailers.

The trigger for the FTC letter appears to be concerns that the FTC might incorporate PCI compliance with recommendations it is preparing—a move that would solidify and increase PCI's leverage and power. This is one of these arguments that is best articulated in the abstract. At the legal abstract hypothetical level, NRF makes an impressive-sounding case that PCI is indeed a powerplay by the cardbrands.

The National Retail Federation (NRF) has never been a huge fan of the PCI Security Council. But in a detailed note sent to the U.S. Federal Trade Commission (FTC) late last month, NRF's lawyers crafted an impressive takedown of PCI, arguing that PCI represents a monopoly-like attempt by the card brands to control retailers.

New Treasury Rules Mean Huge PF Changes

A new set of rules announced by the U.S. Treasury Department in May will force payment facilitators to reveal not only who owns a company, but also whoever controls and/or manages it. This will mean a lot more information will have to be revealed about charities, non-profits and other PF-friendly businesses. The new rules requires that each owner who has more than 25 percent of ownership must be identified, along with anyone who controls or manages the operations, whether or not they are an owner. On the plus side, these rules are not retroactive and won't even start kicking in until July 11, 2016, with required implementation not happening until May 11, 2018.

What are the key PF implications? "PFs that deal in small mom and pops will have no change when there is one owner and she/he is in control," said Deana Rich, head of Rich Consulting. "PFs will have a big change if there are two owners—such as a husband and wife each with 50 percent. In the past, only one was necessary. Now it will be two. But there's an added string. If their kid runs the business, now (the son/daughter) will be required to be IDed as well."

A new set of rules announced by the U.S. Treasury Department in May will force payment facilitators to reveal not only who owns a company, but also whoever controls and/or manages it. This will mean a lot more information will have to be revealed about charities, non-profits and other PF-friendly businesses.

A Scary Peek Into Square’s New Privacy Policy

Most privacy policies and terms of service—especially with payments companies—are indeed about privacy. The company's privacy, meaning that they want to keep their customers from knowing it to the extent possible. To that end, most are filled with legalese, are overly long and used the smallest and most difficult to read font as possible.

Square's may be no different in that regard, but on Tuesday (May 31), they announced a slightly different way to deliver it. It was a slight nod to transparency by making both the privacy policy and its terms of service somewhat shorter. No, it didn't surrender any protections. But it created several different versions of each document, crafted for its different kinds of customers. The theory is, in effect, why burden consumers with rules that only apply to merchants? So we decided to dig deep into what these new privacy policies said, Buyer beware.

Most privacy policies and terms of service—especially with payments companies—are indeed about privacy. The company's privacy, meaning that they want to keep their customers from knowing it to the extent possible. To that end, most are filled with legalese, are overly long and used the smallest and most difficult to read font as possible.

EMV Really Screwing Up Apple Pay

Oh, what a tangled web we weave when EMV data we receive. As more major retail chains fully accept EMV payments, Apple Pay is being dealt some serious experience setbacks, such as being asked twice for price verification and being asked for fingerprint biometric authentication and then, a few screens later, a signature. Neither of those steps were part of the Apple Pay process until merchants switched on EMV.

To be clear, those time-wasting moves are not part of the Apple Pay process at all, but are superimposed after the Apple Pay transaction is complete and customers think they are done. The reason this is now happening is due to very strict interpretations of EMV rules—and the fact that the nature of the payment mechanism (beyond that it's contactless) is not always communicated to the POS. Hence, it must assume the worst. When two retailers—Trader Joe's and Whole Foods--last week made the switch through upgraded Verifone POS terminals, customers used to speedy Apple Pay experiences were literally being called back to the checkout lane to complete the additional keystrokes. Before, once Apple Pay's screen said "done" and displayed an animated checkmark, they were free to leave. Not so in an EMV world.

Oh, what a tangled web we weave when EMV data we receive. As more major retail chains fully accept EMV payments, Apple Pay is being dealt some serious experience setbacks, such as being asked twice for price verification and being asked for fingerprint biometric authentication and then, a few screens later, a signature. Neither of those steps were part of the Apple Pay process until merchants switched on EMV.

Good Analytics Won’t Help If Your Data Sucks

At best, sophisticated analytics software can deliver good answers if the underlying data is accurate and—most critically—is the right data. For a lot of merchants, that is often not the case.

Ralph Dangelmaier, CEO of payment facilitator BlueSnap, is proposing what he sees as a better way, at least for extracting useful answers from payments data. From his perspective, there are two big mistakes that merchants tend to do. First, they give far too much weight to pageviews and site visits from a region, assuming that a lot of activity translates into a lot of sales. And secondly, when those merchants do wisely opt to isolate sales from a region, they neglect to go back and adjust those figures to account for refunds and chargebacks.

At best, sophisticated analytics software can deliver good answers if the underlying data is accurate and—most critically—is the right data. For a lot of merchants, that is often not the case.

Podcast: The Small Merchant’s Response To A Breach Is To Pretend It Didn’t Happen

Of the seven stages of grief, the most remembered is denial. It's certainly remembered by small merchants, who often bizarrely gravitate to denial when they are told that they have been breached. At least that's how Chris Geron, chairman of the MAC Government Relations Committee, sees it.

The justifications for this denial are many, Geron said in this week's PaymentFacilitator.com podcast. Some cling to the absurd belief that being granted a letter of PCI compliance means "that it's not possible to be breached," Geron said. Other small merchants react negatively to a notification from a cardbrand, bank or processor. "Small retailers often believe that if the information has not been shared with them by law enforcement, that the allegation of a breach is not true," Geron said. And some smaller store chains believe that only large chains get breached, he said, despite the fact that the opposite is true. But the most likely reality-denying aspect is financial.

Of the seven stages of grief, the most remembered is denial. It's certainly remembered by small merchants, who often bizarrely gravitate to denial when they are told that they have been breached. At least that's how Chris Geron, chairman of the MAC Government Relations Committee, sees it.

Chase Makes The Right Security Move After SWIFT Breaches

A report Tuesday (May 17) that J.P. Morgan Chase "has limited some employees’ access to the Swift global interbank messaging service amid questions about security breaches at a pair of Asian banks that used the funds-transfer platform" raises some concerns, but it appears to be just enforcing a stricter "need to know" and "need to access" approach from Chase.

Although there have been other reports raising the possibility of an earlier Swift attack—with a major Bangladesh bank—being an insider job, it could just as easily be an attack where the bank employees were victimized. Employees might have had their credentials stolen via keystroke-capturing malware or being tricked into visiting a credential-stealing site designed to look like Swift's access area.

A report Tuesday (May 17) that J.P. Morgan Chase "has limited some employees’ access to the Swift global interbank messaging service amid questions about security breaches at a pair of Asian banks that used the funds-transfer platform" raises some concerns, but it appears to be just enforcing a stricter "need to know" and "need to access" approach from Chase.

More State Money Transmitter Headaches

As states continue to play with how they define money transmitters, the payment facilitator is caught in the middle. And one payments advocate suggests that it may force a greater role for processors.

Mike Cottrell, direct of global marketing at ProPay and our guest this week for the PaymentFacilitator.com podcast series, argues that not only could this encourage PFs to embrace a greater role for processors, but it could also discourage innovation. In the podcast, Cottrell painted a scenario where PFs—who see themselves as helping merchants do business—will start to pull back on very innovative efforts if it means that they have to spend much more time filling out forms and adhering to different regulations.

As states continue to play with how they define money transmitters, the payment facilitator is caught in the middle. And one payments advocate suggests that it may force a greater role for processors.

Wendy’s Admits Almost 350 Stores Hit In POS Attack

On Wednesday (May 11), Wendy's said that "fewer than 300 of approximately 5,500 franchised North America Wendy's restaurants" had malware in their POS systems and another "approximately 50 franchise restaurants are suspected of experiencing, or have been found to have, unrelated cybersecurity issues." This comes on the heels of a lawsuit that accused Wendy's of a wide range of IT security shortcomings.

In the new statement, Wendy's did not identify which POS was impacted, but it strongly implied that new Aloha POS systems—currently being installed throughout the company, with the stated goal of full deployment by "year-end 2016"—were not infected. Wendy's "has worked aggressively with its investigator to identify the source of the malware and quantify the extent of the malicious cyber-attacks, and has disabled and eradicated the malware in affected restaurants. The Company continues to work through a defined process with the payment card brands, its investigator and federal law enforcement authorities to complete the investigation," Wendy's said.

On Wednesday (May 11), Wendy's said that "fewer than 300 of approximately 5,500 franchised North America Wendy's restaurants" had malware in their POS systems and another "approximately 50 franchise restaurants are suspected of experiencing, or have been found to have, unrelated cybersecurity issues." This comes on the heels of a lawsuit that accused Wendy's of a wide range of IT security shortcomings.

Walmart’s Visa PIN Lawsuit Puts A “We Want Security” Face On A “We Want More Money” Argument

With their frequent lawsuits and counter-suits, Walmart and Visa is that always-quarreling couple that stays together for the sake of the kids. Only in this case, the kids are the piles of money each makes from the other. Alas, anything that forces the argument of PIN versus signature into the light is a good thing for payments and, by extension, payment facilitators.

Quick update on the latest example. On Tuesday (May 10), Walmart sued Visa, with the largest merchant saying that the largest card brand is forcing Walmart to accept signature on debit transactions when it would rather accept PIN. Walmart's argument is that PIN is more secure—which it is—and Walmart neglects to stress that Walmart can save money by processing PIN transactions elsewhere.

With their frequent lawsuits and counter-suits, Walmart and Visa is that always-quarreling couple that stays together for the sake of the kids. Only in this case, the kids are the piles of money each makes from the other. Alas, anything that forces the argument of PIN versus signature into the light is a good thing for payments and, by extension, payment facilitators.

FTC Investigating Venmo, Potentially Raising Compliance Interpretation Issues

Venmo has gotten into trouble—of the embarrassment sort—before with aggressive compliance efforts. That was specifically when it created a list of words that could delay transaction processing, such as the word Persian. And PayPal-owned Venmo was hardly alone, with Chase was caught doing similar word scans, as a man who had a dog named Dash discovered.

But the U.S. Federal Trade Commission has now launched a formal investigation into Venmo. With the FTC, phrasing is critical. An investigation is very different than an FTC study, such as the one the FTC launched to look into practices of the PCI Council. PayPal disclosed the investigation in an SEC filing last week. What exactly is being investigated?

Venmo has gotten into trouble—of the embarrassment sort—before with aggressive compliance efforts. That was specifically when it created a list of words that could delay transaction processing, such as the word Persian. And PayPal-owned Venmo was hardly alone, with Chase was caught doing similar word scans, as a man who had a dog named Dash discovered.

PCI Just Gave A Huge Gift To PFs

Merchants of all sizes love to hate PCI. In a perverse sense then, PCI can be a payment facilitator's best friend. The more complicated, difficult and agonizing PCI guidelines become, the more merchants—especially smaller ones—will find tremendous value in pawning off the PCI duties to someone else, especially someone else—such as a PF—that knows PCI and other compliance rules intimately.

It's for that reason that what the PCI Security Standards Council did last week is so important. Not only are they making the rules more demanding and complicated—a necessary move to boost the rules' security—but they are now applying the rules far more broadly, implicating executives who had never before had to directly deal with PCI. Put into corporate terms, it's one thing to infuriate a bunch of CIOs and CISOs, but it's quite a different thing to infuriate their CFO, COO and CEO bosses as well as their bosses, namely board members. And yet that's exactly what the council is doing.

Merchants of all sizes love to hate PCI. In a perverse sense then, PCI can be a payment facilitator's best friend. The more complicated, difficult and agonizing PCI guidelines become, the more merchants—especially smaller ones—will find tremendous value in pawning off the PCI duties to someone else, especially someone else—such as a PF—that knows PCI and other compliance rules intimately.

PayPal’s New Fraud Rules Are Key For PFs

PayPal announced Wednesday (May 4) a series of payments policy changes, including late-to-the-game restrictions on gift cards, a longtime favorite cyberthief tool. Given PayPal's massive marketshare, payment facilitators need to watch closely any policy changes the no-longer-Ebay-unit makes. In short, any fraud-related changes that PayPal makes gives political cover for any PF to mimic the move.

The biggest change is that PayPal is now excluding "items equivalent to cash, including gift cards" from its PayPal Seller Protection program. It made a similar change to its Purchase Protection program by "clarifying the exclusion for items equivalent to cash to now include stored value items such as gift cards and pre-paid cards." A few other items that will no longer be supported by purchase protection—at least as of June 25, when the new rules are scheduled to kick in—are payments on crowdfunding platforms, "gambling, gaming and/or any other activity with an entry fee and a prize" and "anything purchased from or an amount paid to a government agency."

PayPal announced Wednesday (May 4) a series of payments policy changes, including late-to-the-game restrictions on gift cards, a longtime favorite cyberthief tool. Given PayPal's massive marketshare, payment facilitators need to watch closely any policy changes the no-longer-Ebay-unit makes. In short, any fraud-related changes that PayPal makes gives political cover for any PF to mimic the move.

MasterCard Follows Visa To A More Comfortable EMV Experience

On Wednesday April 27, MasterCard unveiled its M/Chip Fast, which is an almost identical version of Visa's Quick Chip For EMV. Both approaches cut down on some authentication so that the EMV card can be removed a couple of seconds after the shopper dips it. And both Visa and MasterCard are only pushing it for retailers that have the greatest need for speed, which has the unfortunate result of guaranteeing vastly different EMV experiences as shoppers go from merchant to merchant.

In a GuestView this week, Mercator Advisory Group's Tim Sloane argued that by encouraging different kinds of EMV experiences, the card brands might be impeding the rapid adoption of EMV. In MasterCard's statement, the brand said it was important that it join Visa's effort and that EMV can only succeed through industry standardization. "MasterCard called for the industry to activate current action-oriented forums like the Payments Security Taskforce and the EMV Migration Forum to align behind a common approach to address perceptions of speed of a chip card transaction," the statement said, before quoting Ajay Bhalla, president of enterprise risk and security for MasterCard saying "Ultimately, we all want to deliver great experiences for consumers and merchants. That’s why we believe that M/Chip Fast or any similar product should be implemented in consultation with the industry. With that holistic view, interested merchants can easily integrate this with their current systems to provide both speed and security for all chip cards.”

On Wednesday April 27, MasterCard unveiled its M/Chip Fast, which is an almost identical version of Visa's Quick Chip For EMV. Both approaches cut down on some authentication so that the EMV card can be removed a couple of seconds after the shopper dips it. And both Visa and MasterCard are only pushing it for retailers that have the greatest need for speed, which has the unfortunate result of guaranteeing vastly different EMV experiences as shoppers go from merchant to merchant.

PFs Should Take Liability Far More Often Than Anyone Expected

Based on analysis of the payment facilitator model, payments consultant Todd Ablowitz is arguing that payment facilitators need to take on liability a lot more often than they might think.

"Taking the risk as a PF is a choice. Do I take the liability or let the acquirer take the liability?" Ablowitz said. "It doesn't have a dial. You can have a dial on fraud and you can have a dial on credit, but you can't have a dial on how much risk tolerance you have for regulatory. You always have to be on point there. (If you don't), your acquirer will beat you up, the regulators will drag you through the mud and take you to court. You don't want it."

Based on analysis of the payment facilitator model, payments consultant Todd Ablowitz is arguing that payment facilitators need to take on liability a lot more often than they might think.

SWIFT Confirms Major Data Breach As Details Leak Out

On Monday (April 25), SWIFT announced that it is aware of "a number of recent cyber incidents where attackers had sent fraudulent messages over its system," Reuters said. "SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network," the group warned customers on Monday in a notice seen by Reuters." This follows publication of quite a few details about the breach that surfaced earlier in the day by the BAE Threat Research Blog, which noted that the attackers attempted to steal $951 million, of which $81 million still unaccounted for.

"This malware appears to be just part of a wider attack toolkit, and would have been used to cover the attackers’ tracks as they sent forged payment instructions to make the transfers. This would have hampered the detection and response to the attack, giving more time for the subsequent money laundering to take place," the blog noted. The report went into many of the particulars of the attack method. "The malware registers itself as a service and operates within an environment running SWIFT’s Alliance software suite, powered by an Oracle Database. The main purpose is to inspect SWIFT messages for strings defined in the configuration file. From these messages, the malware can extract fields such as transfer references and SWIFT addresses to interact with the system database. These details are then used to delete specific transactions, or update transaction amounts appearing in balance reporting messages based on the amount of Convertible Currency available in specific accounts. This functionality runs in a loop until 6am on 6th February 2016. This is significant given the transfers are believed to have occurred in the two days prior to this date. The tool was custom made for this job, and shows a significant level of knowledge of SWIFT Alliance Access software as well as good malware coding skills."

On Monday (April 25), SWIFT announced that it is aware of "a number of recent cyber incidents where attackers had sent fraudulent messages over its system," Reuters said. "SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network," the group warned customers on Monday in a notice seen by Reuters." This follows publication of quite a few details about the breach that surfaced earlier in the day by the BAE Threat Research Blog, which noted that the attackers attempted to steal $951 million, of which $81 million still unaccounted for.

New EMV Methods: Confusion To Reign Supreme

Visa introduced Quick Chip for EMV on April 19th and MasterCard quickly followed with the announcement of M/Chip Fast on April 21st. By speeding up how quickly the consumer can remove the card from the POS, these two networks have also increased complexity for the already complicated payment process as implemented by consumers, merchants, and issuers. Where once it was possible to have some confidence a card would work as long as the brand was displayed, life is now more complicated. Besides Swipe, Dip, and Tap, we now have Swipe, Hover (MST), Show (Chase Pay), Dip, Quick Dip, and Tap – to name a few.

Then there are is the question of compatibility. NFC won’t work at non-NFC terminals while a Samsung device with MST will. Swiping an EMV card forces a dip, but only at terminals that support EMV. I’m in payments and I have no idea what happens if I present an EMV enabled card within my Samsung Pay device and use MST to communicate it to a POS that only supports swipe and EMV – does it ask me to dip my phone?

Visa introduced Quick Chip for EMV on April 19th and MasterCard quickly followed with the announcement of M/Chip Fast on April 21st. By speeding up how quickly the consumer can remove the card from the POS, these two networks have also increased complexity for the already complicated payment process as implemented by consumers, merchants, and issuers. Where once it was possible to have some confidence a card would work as long as the brand was displayed, life is now more complicated. Besides Swipe, Dip, and Tap, we now have Swipe, Hover (MST), Show (Chase Pay), Dip, Quick Dip, and Tap – to name a few.

Visa’s Quick Chip EMV Move, Banking On Perception To Trump Reality

Using the Electronic Transaction Association’s TRANSACT 16 event as a backdrop, Visa on Tuesday (April 19) rolled out Quick Chip for EMV, which the leading card brand described in a news release as being "a technology enhancement that optimizes EMC chip processing and speeds up checkout times." Unfortunately, Quick Chip isn't a technology enhancement nor does it optimize chip processing and it certainly doesn't speed up checkout times. Other than that, the lead of Visa's news release got it right.

What Quick Chip, however, does do is potentially just as powerful an aid to EMV—or quite destructive to EMV adoption, depending on who is talking—as what Visa claims. All that it does is allow the shopper to remove the card from the card reader much more quickly than current deployments permit. Given that the reader's retention of the card until the full transaction is complete is behind a very high percentage of both merchant and consumer EMV complaints, this could be seen as a very good thing. Let's break this down. For almost all transactions, the Quick Chip change won't accelerate the total transaction time at all. The customer still needs to stand there until all products have scanned and the cashier has been given the final transaction approval. Therefore, from the merchant perspective of "how many shoppers can I push through the line in an hour?" this change is unlikely to help at all. But like so much of what happens in retail, reality never stands a chance against perception.

Using the Electronic Transaction Association’s TRANSACT 16 event as a backdrop, Visa on Tuesday (April 19) rolled out Quick Chip for EMV, which the leading card brand described in a news release as being "a technology enhancement that optimizes EMC chip processing and speeds up checkout times." Unfortunately, Quick Chip isn't a technology enhancement nor does it optimize chip processing and it certainly doesn't speed up checkout times. Other than that, the lead of Visa's news release got it right.

PCI To Publish New Version April 28 With More Strict Authentication, Service Provider Rules

The PCI Security Council, which said in early March that its' new version (3.2) would be out sometime in April, is now saying that April 28 is the likely day and that the new rules would get stricter about authentication as well as service providers.

In a blog post Tuesday (April 19), PCI Chief Technology Officer Troy Leach said the new rules will add "multi-factor authentication as a requirement for any personnel with administrative access into the cardholder data environment, so that a password alone is not enough to verify the user’s identity and grant access to sensitive information, even if they are within a trusted network." Leach said this will require this additional authentication to employees who had before had to deal with it. "The most important point is that the change to the requirement is intended for all administrative access into the cardholder data environment, even from within a company’s own network. This applies to any administrator, whether it be a third party or internal, that has the ability to change systems and other credentials within that network to potentially compromise the security of the environment," Leach said.

The PCI Security Council, which said in early March that its' new version (3.2) would be out sometime in April, is now saying that April 28 is the likely day and that the new rules would get stricter about authentication as well as service providers.

Podcast: A Preview of Next Week’s Payment Facilitator Day ‘16

The 2nd Annual Payment Facilitator Day at the ETA TRANSACT 2016 will kick off Tuesday (April 19) in Las Vegas. This year’s theme is In Depth and On Target as the full-day event goal is to explore all of the relevant topics and ideas that are shaping the payment facilitator industry.

"It’s about payment facilitators, for payment facilitators and entities that want to become payment facilitators,” Todd Ablowitz said in this week’s PaymentFacilitator.com podcast. Event hosts, Todd Ablowitz and Deana Rich, dive into what to expect at PF Day ’16 and who will be there.

The 2nd Annual Payment Facilitator Day at the ETA TRANSACT 2016 will kick off Tuesday (April 19) in Las Vegas. This year’s theme is In Depth and On Target as the full-day event goal is to explore all of the relevant topics and ideas that are shaping the payment facilitator industry.

Chase’s Removal Of ATM Limits Is The Right Idea But For The Wrong Device

Moving more and increasingly complex payments capabilities to ATMs and away from bank branches is a good thing, as we've argued before with ATM ApplePay and with MasterCard's patent application to turn ATMs into full-fledged POS units. But there is a line where it doesn't make sense and JPMorgan Chase's current debate about removing per-day cash limits crosses that line.

First of all, unlike mobile devices, ATMs have a very physical limitation: Once the cash that some human loaded into the ATM runs out, the ATM loses much of its most-desired functionality. Sure, it can still accept deposits and reveal balances, but not that much more. To be candid, those particular services are much better handled by a mobile app. (Note: That is true up to the limit of mobile deposits which, I assure you, I'll get back to shortly.) The ATM's most powerful function is to dispense cash, as that is something mobile apps can't do. When the money is gone, the ATM becomes rather pointless.

Moving more and increasingly complex payments capabilities to ATMs and away from bank branches is a good thing, as we've argued before with ATM ApplePay and with MasterCard's patent application to turn ATMs into full-fledged POS units. But there is a line where it doesn't make sense and JPMorgan Chase's current debate about removing per-day cash limits crosses that line.

Finally, An Event Where PF Is The Focus, Not A Footnote

Given how important payment facilitators are to the rapidly emerging and morphing payments landscape in 2016, it's stunning how few places there are to explore the implications of being a PF today. Plenty of meetings and symposium exist for chatting about payments in general or virtual currencies or mobile payments, but the opportunities to really delve deeply into PF issues are practically non-existent. Until now.

If you can swing by Las Vegas on April 19, PaymentFacilatator.com—in conjunction with Double Diamond Group, Rich Consulting and the Electronic Transactions Association—will present our version of Everything You Ever Wanted To Know About PFs, But Were Too Geeky To Ask. Officially, though, it's dubbed simply TRANSACT 16’s Payment Facilitator Day – In Depth and On Target.

Given how important payment facilitators are to the rapidly emerging and morphing payments landscape in 2016, it's stunning how few places there are to explore the implications of being a PF today. Plenty of meetings and symposium exist for chatting about payments in general or virtual currencies or mobile payments, but the opportunities to really delve deeply into PF issues are practically non-existent. Until now.

Risk Teams Are All Over The Map When It Comes To PFs

Compliance and risk leaders in the Americas, Europe, and Asia exhibit a polarity in their attitudes about payment facilitators. First, there are those who either endorse or oppose. Second, there are PFs that are either fit or unfit for partnership. This yields three observations: Risk teams see PFs in general as either "friends" or "foes"; Risk teams categorize PFs into "safe bets" or "wild cards"; Risk teams demand oversight rights when working with PFs.

G2 recently conducted a survey with acquirers globally. The results showed a greater willingness among banks and processors to work with PFs in EMEA and APAC. In the Americas, one-half of respondents actively work with PFs. In EMEA and APAC, the numbers were closer to two-thirds. When asked if they knew if there were PFs in their portfolios, there was some doubt. A significant number of acquirers in all regions had either discovered a merchant unknowingly acting as a PF in the past year or did not know if that activity was occurring.

Compliance and risk leaders in the Americas, Europe, and Asia exhibit a polarity in their attitudes about payment facilitators. First, there are those who either endorse or oppose. Second, there are PFs that are either fit or unfit for partnership. This yields three observations: Risk teams see PFs in general as either "friends" or "foes"; Risk teams categorize PFs into "safe bets" or "wild cards"; Risk teams demand oversight rights when working with PFs.

Payment Regulatory Insanity Two: A Dog Named Dash

Two weeks ago, we told you the tale of PayPal's Venmo going overboard with compliance efforts, when it delayed any transaction that mentioned the word "Persian." Not wanting to be outdone by any PayPal division, Chase has decided to top Venmo in the craziness department. Chase's entry? It blocked the money transfer of a 55-year-old sufferer of muscular dystrophy, who was paying someone to walk his service dog and the dog's name is Dash. Seems that the bank saw Dash as code for Daesh, the Arabic term for the Islamic State aka ISIS.

A few initial takes. First, Daesh may sometimes be pronounced "dash" but it's never spelled that way. Secondly, really? If I pay someone to walk a dog named SPOT, it's probably not an acronym for Special People Overthrowing Turkey. And third, let's go again with "really?" But wait: this story gets even better with the details.

Two weeks ago, we told you the tale of PayPal's Venmo going overboard with compliance efforts, when it delayed any transaction that mentioned the word "Persian." Not wanting to be outdone by any PayPal division, Chase has decided to top Venmo in the craziness department. Chase's entry? It blocked the money transfer of a 55-year-old sufferer of muscular dystrophy, who was paying someone to walk his service dog and the dog's name is Dash. Seems that the bank saw Dash as code for Daesh, the Arabic term for the Islamic State aka ISIS.

Square’s Design Miracle: EMV, NFC And An Amazing $49 Pricetag

FastCompany recently took a fascinating deep-dive into the strategy and tactics behind Square's design. It's a terrific read, if only to explain the design genius behind a thoroughly under-appreciated feat of engineering. It's certainly no surprise that the Square team would have taken so much time perfecting it's design, which delivers a beautiful—yes, I think it's beautiful—fast and truly effortless interface. The biggest surprise here is how difficult it was to deliver the price they needed to hit.

It's a longheld project reality that you can have your timeline, your price or your scope, but never all three. Such realities don't cut it at Square. What is going on here is Square making a strategic longterm bet on mobile payments. Their top brass felt that someone has to suck it up price-wise to get the market moving. It's a loss-leader mentality, but not in the quintessential razor-and-razor-blade mode. It's more in the "we'll pay a lot more now for a big slice of this worthless pie, betting that we can make this pie worth a bundle if we make the first move." And Square's engineering team has succeeded in a big way, not merely in capturing marketshare but in moving the entire market.

FastCompany recently took a fascinating deep-dive into the strategy and tactics behind Square's design. It's a terrific read, if only to explain the design genius behind a thoroughly under-appreciated feat of engineering. It's certainly no surprise that the Square team would have taken so much time perfecting it's design, which delivers a beautiful—yes, I think it's beautiful—fast and truly effortless interface. The biggest surprise here is how difficult it was to deliver the price they needed to hit.

Transaction Laundering: How Not To Get Taken To The Cleaners

One of the cyberthief's favorite tactics these days is transaction laundering, where the bad guy takes their bad transactions—usually for drugs, gambling, counterfeit goods or human trafficking—and runs them through seemingly good web sites, ones ostensibly trying to sell innocuous products. There are things that a payment facilitator can do to thwart such efforts and that is the focus of this week's PaymentFacilitator.com podcast, featuring Deana Rich, president of Rich Consulting.

One of the less-commonly-used but quite effective tactics, Rich said, is do some secret shopping, both on the PF's own customer sites as well as suspected fraudulent sites. That is literally making purchases from both kinds of sites and seeing what then happens. Rich said she was recently talking "with a banker who told me that she had done that on a site she suspected to be bad and then she made the purchase and it never came through her own system. She never saw it because the purchase didn't really occur. They weren't really selling anything on that site. They were really selling stuff on the bad site. It was that secret shopping, using your own payment card to purchase things, that let her know what went wrong."

One of the cyberthief's favorite tactics these days is transaction laundering, where the bad guy takes their bad transactions—usually for drugs, gambling, counterfeit goods or human trafficking—and runs them through seemingly good web sites, ones ostensibly trying to sell innocuous products. There are things that a payment facilitator can do to thwart such efforts and that is the focus of this week's PaymentFacilitator.com podcast, featuring Deana Rich, president of Rich Consulting.

Cyberthieves Use Far Better Security Than Do Banks. Aren’t You Embarrassed?

This shouldn't be the least bit surprising, but it's downright humiliating how bad our security habits are with our top financial institutions when you take a look at large criminal enterprises. If fraudsters and entry-level terrorists can be bothered to use robust authentication security, why can't the good guys?

"If you are a seller on Alphabay -- a darkweb site that sells 'drugs, stolen data and hacking tools,' you'll have to use two-factor authentication (based on PGP/GPG) for all your logins," said the depressing story in BoingBoing. "Alphabay requires you to use a unique seven-word phrase to recover passwords (as opposed to easily researched questions like high-school football team, mother's maiden name, etc), and says there is no way to recover a lost password without this phrase. Finally, Alphabay requires a four-digit PIN to transfer bitcoin to your personal wallet."

This shouldn't be the least bit surprising, but it's downright humiliating how bad our security habits are with our top financial institutions when you take a look at large criminal enterprises. If fraudsters and entry-level terrorists can be bothered to use robust authentication security, why can't the good guys?

Questions Every New Payment Facilitator Should Ask Its Payments Attorney

Under the latest card brand rules, payment facilitators are being held to exacting requirements. Note that the acquirer is now able to terminate a PF contract immediately with "good cause." So while state and federal regulation may get the bulk of the attention, those are hardly the only areas of potential rules-enforced disasters.

Visa’s Core Rules, for example, have the PF being "liable for all acts, omissions, cardholder disputes, and other cardholder customer service related issues caused by the Payment Facilitator's Sponsored Merchants" and "is responsible and financially liable for each transaction processed on behalf of the sponsored merchant, or for any disputed transaction or credit." MasterCard similarly requires that "the payment facilitator must ensure that each of its submerchants complies with the standards applicable to merchants." Understanding the limitations and obligations that the card brands impose upon PFs is crucial to ensure the ongoing operations of business.

Under the latest card brand rules, payment facilitators are being held to exacting requirements. Note that the acquirer is now able to terminate a PF contract immediately with "good cause." So while state and federal regulation may get the bulk of the attention, those are hardly the only areas of potential rules-enforced disasters.

Uber’s Deal With Green Dot Illustrates Payments Potential

When Uber and Green Dot last week rolled out Uber Checking By Go Bank, it offered little more than a slightly more convenient way for workers to get paid and to be paid more timely. In payments, though, it can be those little conveniences and small elements of automation that can build into a massive change. And who understands that digital disruption concept better than Uber—and payment facilitators.

The idea is straight-forward: When Uber drivers want to get paid for hours logged, use what Uber is calling Instant Pay. They can log in 24x7 and "cash out your earnings instantly and easily at any time, with no minimum deposit or transaction fees." The cash is loaded onto their Uber Debit Card. The near-term advantages are that workers control when they get paid—no more waiting until the company dictated date of, let's say, the 15th of each month—and the account can be isolated. That isolation means that they don't need to share sensitive bank account details with their employer if they don’t want to.

When Uber and Green Dot last week rolled out Uber Checking By Go Bank, it offered little more than a slightly more convenient way for workers to get paid and to be paid more timely. In payments, though, it can be those little conveniences and small elements of automation that can build into a massive change. And who understands that digital disruption concept better than Uber—and payment facilitators.

A Surreal Peek Into The Payment Data Underworld

If you're in the mood for a truly surreal peek into the stolen payment card data market, check out this profile of a data-seller called Joker's Stash, over at KrebsOnSecurity. This vendor's employees, solely selling illegal stolen data mind you, "set themselves apart by focusing on loyalty programs, frequent-buyer discounts, money-back guarantees and just plain old good customer service." Heck, it's hard enough to get legitimate retailers to do that.

Indeed, the Bitcoin-accepting company markets itself as proudly only selling data that it's own people stole, as opposed to selling what any lowlife on the street steals. And it offers limited guarantees: "All sales are final, although some batches of stolen cards for sale at Joker’s Stash come with a replacement policy — a short window of time from minutes to a few hours, generally — in which buyers can request replacement cards for any that come back as declined during that replacement timeframe." Even their loyalty program is better than that offered by some large retailers.

If you're in the mood for a truly surreal peek into the stolen payment card data market, check out this profile of a data-seller called Joker's Stash, over at KrebsOnSecurity. This vendor's employees, solely selling illegal stolen data mind you, "set themselves apart by focusing on loyalty programs, frequent-buyer discounts, money-back guarantees and just plain old good customer service." Heck, it's hard enough to get legitimate retailers to do that.

Class Action Merchant EMV Lawsuit Could Make The EMV Transition A Lot Messier

EMV has always delivered more than its fair share of headaches and surprises—and this week even has the MasterCard CEO doing some EMV griping of his own—but a class action lawsuit filed last week is raising yet another troubling EMV question. Is the liability shift appropriate if merchants have done everything in their power to embrace EMV? If backlogs from the card brands are why a merchant doesn't have an EMV greenlight, is it fair to punish them with the liability shift?

Like every payments issue, there are details to be dealt with. Did the merchant submit all paperwork in a reasonable timeframe? One can't file 10 minutes before the deadline and then blame the backlog for a lack of approval. Still, it's an interesting question. And the lawsuit from B&R Supermarkets and Grove Liquors goes further than saying that the backlog was unexpected or larger than expected. The filing accuses the card brands—and other payments players—of deliberately being slow, in an attempt to push off liability costs on as many merchants as possible, regardless of their EMV efforts.

EMV has always delivered more than its fair share of headaches and surprises—and this week even has the MasterCard CEO doing some EMV griping of his own—but a class action lawsuit filed last week is raising yet another troubling EMV question. Is the liability shift appropriate if merchants have done everything in their power to embrace EMV? If backlogs from the card brands are why a merchant doesn't have an EMV greenlight, is it fair to punish them with the liability shift?

MasterCard Draws Its Line In Silicon: MobileWallet Vendors, Go This Far And No Farther

Speaking at the Barclays Emerging Payments Forum on Tuesday (March 15), MasterCard CEO Ajay Banga told attendees that MasterCard has no problem with the many mobile wallets today, as long as they don't cross the line and try to change key parts of payments infrastructure.

Banga said that current mobile wallets are supporting MC's goal of converting cash and checks into digital transactions. As long as they keep doing that, Banga will be happy to play along. "I will support everything so long as it protects the ecosystem and does not damage the relationship between merchants, banks, these (mobile wallet) players and us. The moment it changes that and it starts playing with the data, then I’ve got a problem. If it's basically a passthrough and it's not affecting the ecosystem and it's actually attacking cash, I'm all for it. If you do things that make it complicated for the ecosystem to work cleanly, I'm not going to be supportive."

Speaking at the Barclays Emerging Payments Forum on Tuesday (March 15), MasterCard CEO Ajay Banga told attendees that MasterCard has no problem with the many mobile wallets today, as long as they don't cross the line and try to change key parts of payments infrastructure.

Venmo/PayPal Go Overboard On Compliance

If you’re trying to use Venmo to pay someone for sitting your Persian cat or for buying a used Persian rug, don’t actually use the word “Persian” or be prepared to wait longer. And you can thank a compliance program that is perhaps going a few steps too far.

Although opting—understandably—to be vague on specifics, the PayPal-owned Venmo responded to media reports that is has coded its systems to be on the lookout for certain words, including Persian. "There has been recent discussion around specific keywords associated with payments within Venmo that have caused us to pause the transaction and review. We understand the frustration this may cause," Venmo said on its blog.

If you’re trying to use Venmo to pay someone for sitting your Persian cat or for buying a used Persian rug, don’t actually use the word “Persian” or be prepared to wait longer. And you can thank a compliance program that is perhaps going a few steps too far.

FTC Launches PCI Probe. Ruh-Roh

On Monday (March 7), the U.S. Federal Trade Commission (FTC) launched a government investigation of PCI, zeroing in on potentially excessive charges, inconsistency in enforcement and rampant conflicts of interest. As famed QSA Scooby Doo would have said, "Ruh-roh."

None of this is news to the FTC and it's part of the reason for the investigation, which FTC is officially calling a study. "We have heard these issues," said David Lincicum, an FTC attorney in the division of privacy and identity protection, who is the lead attorney on the study and is also managing the study. "We go into this looking to get information, to get some details about what the interactions look like."

On Monday (March 7), the U.S. Federal Trade Commission (FTC) launched a government investigation of PCI, zeroing in on potentially excessive charges, inconsistency in enforcement and rampant conflicts of interest. As famed QSA Scooby Doo would have said, "Ruh-roh."

States Seek Reasonable-Sounding—But Logistically All-But-Impossible—Payment Rules

Some state legislatures are pushing some potential laws aimed at giving consumers—and their heirs—more control over their digital lives. But in doing so, some are preparing to impose rules on merchants that neither the merchant—nor the merchant's payment facilitator—are likely to be able to obey.

The thrust of the rules—under consideration in states such as Oregon and Connecticut—are honorable. They are intended to avoid the heart-wrenching stories of a parent or other next-of-kin unable to access a deceased loved one's e-mails or social media interactions. But the legislation goes beyond that in some cases, granting consumers much more control over their digital footprints. In Connecticut, for example, the bill "would allow consumers to ask stores you no longer do business with to delete your personal information so that your personal information would not be compromised in the event that the company is hacked," according to a report from NBC Connecticut. That's where things get dicey.

Some state legislatures are pushing some potential laws aimed at giving consumers—and their heirs—more control over their digital lives. But in doing so, some are preparing to impose rules on merchants that neither the merchant—nor the merchant's payment facilitator—are likely to be able to obey.

Payments Crime Of The Week: A New Twist On Quarterly Earnings

In a new twist on the concept of quarterly earnings, a Brink’s Company armored transport service money processing manager used his access to the Federal Reserve Coin Inventory to pocket some loose change. Specifically, he grabbed 784,000 quarters, worth $196,000. But how exactly did he take home 9,800 pounds of coinage? That's where this tale took a turn positively borrowed from Raiders Of The Lost Ark.

If you recall one of that film's most famous scenes, Indiana Jones opts to try steal the prized statue by fillings enough bags with sand to proximate the statue's weight. In this federal case, according to a statement from the U.S. Attorney's office in the Northern District of Alabama, the accused filled bags of quarters with beads. To thwart such a ploy, the bags all had plastic windows. To thwart the attempt at thwarting, the accused, Stephen Lancaster Dennis, removed most of the quarters, but carefully left enough inside each bag to cover the small plastic window.

In a new twist on the concept of quarterly earnings, a Brink’s Company armored transport service money processing manager used his access to the Federal Reserve Coin Inventory to pocket some loose change. Specifically, he grabbed 784,000 quarters, worth $196,000. But how exactly did he take home 9,800 pounds of coinage? That's where this tale took a turn positively borrowed from Raiders Of The Lost Ark.

Dwolla’s $100K CFPB Security Fine Wasn’t For What It Did As Much As What It Said

Dwolla got slapped down hard on Wednesday (March 2) by the Consumer Financial Protection Bureau for a series of security violations. But due to a dearth of meaningful federal security laws, CFPB's $100K fine of Dwolla had to follow in the footsteps of fellow federal regulator Federal Trade Commission. They can't punish a company for what it did nearly as easily as they can punish it for not doing what it says.

That said, once Dwolla opened the door to federal investigators by boasting about its security on its Web site, every security violation discovered was fair game. Takeaway: In the same way that marketers of publicly-held companies were beaten down by senior staffers from investor relations to never say anything publicly without IR's blessing, payment facilitators today must reign in anything involving security that even smells a little of hype. See? Our mothers were right. Boasting can deliver real problems. Once those doors were opened, according to a federal consent order published on Wednesday, security violations aplenty were found.

Dwolla got slapped down hard on Wednesday (March 2) by the Consumer Financial Protection Bureau for a series of security violations. But due to a dearth of meaningful federal security laws, CFPB's $100K fine of Dwolla had to follow in the footsteps of fellow federal regulator Federal Trade Commission. They can't punish a company for what it did nearly as easily as they can punish it for not doing what it says.

Wendy’s Breach Fallout Painfully Illustrating The Need For EMV

A report out on Wednesday (March 2) put the level of fraud being felt by credit unions as far worse than the fraud suffered after the Home Depot and Target breaches, with some CU estimating that the fraud could be ten times those other retail breaches. And much of the pain is being felt at merchants who have yet made the EMV switch.

KrebsOnSecurity reported Wednesday that three different CUs in Ohio reporting higher levels of fraud. One CU president was quoted as saying "We have been getting killed lately with debit card fraud. We have already hit half of our normal yearly fraud so far this year, and it is not even the end of January yet. After reading this, we reviewed activity on some of our accounts which had fraud on them. The first six we checked had all been to Wendy’s in the last quarter of 2015." The story also noted an interesting twist, with some consumer victims repeatedly re-compromising themselves by going to different Wendy's restaurants—some of which had apparently not yet contained the breach.

A report out on Wednesday (March 2) put the level of fraud being felt by credit unions as far worse than the fraud suffered after the Home Depot and Target breaches, with some CU estimating that the fraud could be ten times those other retail breaches. And much of the pain is being felt at merchants who have yet made the EMV switch.

EMV Liability Shift Delivering Surprises To Restaurants

One of the unintended consequences of merchant protections prior to the EMV liability shift in October is that they shielded retailers from seeing a lot of the fraud going through their stores. The problem? That caused quite a few smaller merchants to reach the erroneous conclusion that the frauds that they didn't see didn't exist.

"We're now just seeing the fraud that always existed," said Georgia Stavrakis, the senior director of loss prevention at Heartland Payment Systems and the secretary of MAC. Stavrakis, the guest for this week's PaymentFacilitator.com podcast, as seen a lot of retailers who looked at their level of known fraud and chose to not bother implementing EMV. In short, the fact that they were shielded from seeing their true fraud rate caused them to not fear having to pay for their fraud. The liability shift, therefore, didn't frighten them. "People were misinterpreting the data that we had from before the shift. People were looking at their records, saying 'OK, I've never had a chargeback in 16 years so I don't really care when the liability shift comes because I won't have a dispute,'" Stavrakis said during the podcast. "The reality is that you could have had hundreds of thousands of fraudulent transactions at your location before October. You just didn't know about it because the bank wasn't going to waste its time or money to send that to you."

One of the unintended consequences of merchant protections prior to the EMV liability shift in October is that they shielded retailers from seeing a lot of the fraud going through their stores. The problem? That caused quite a few smaller merchants to reach the erroneous conclusion that the frauds that they didn't see didn't exist.

New PCI Rules Won’t Be Out Until April

When the PCI Council last gave some hints as to what the upcoming PCI DSS 3.2 rules will (about two weeks ago, back on Feb. 17), it said the spec would be released "in the March/April timeframe." A council official on Wednesday (March 2) tweaked that guidance, ruling out March and saying that the council "anticipates an April release of the standard."

The timing of the new PCI rules (aka guidelines that really and truly do not like being ignored) is important as they are lengthy, complicated and merchants—especially smaller merchants—are going to expect PFs to know them intimately. Also, as PCI requirements get increasingly stringent and complex, the need for PFs to take over those duties will grow.

When the PCI Council last gave some hints as to what the upcoming PCI DSS 3.2 rules will (about two weeks ago, back on Feb. 17), it said the spec would be released "in the March/April timeframe." A council official on Wednesday (March 2) tweaked that guidance, ruling out March and saying that the council "anticipates an April release of the standard."

Atlanta Fed Folk Not Wildly Optimistic About Mobile Payments

Although people who work for various Fed chapters don't usually engage in blunt talks publicly, a bunch working for the Federal Reserve Bank of Atlanta released some intriguing 2016 predictions this week. Among them are dire expectations for mobile payments and ACH Same-Day plus a belief that EMV will drive down the number of U.S. ATMs.

To be clear, the Fed folk stressed that delaying the predictions until the year was almost one-sixth over was a deliberate choice: "By waiting a couple of months to release ours, we're hoping they will end up being more accurate than usual." They also stressed that these are not technically Fed predictions, as they come from one just group of Fed employees: members of the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta.

Although people who work for various Fed chapters don't usually engage in blunt talks publicly, a bunch working for the Federal Reserve Bank of Atlanta released some intriguing 2016 predictions this week. Among them are dire expectations for mobile payments and ACH Same-Day plus a belief that EMV will drive down the number of U.S. ATMs.

Skip Walmart Checkout Lines By Getting Vested

One Virginia Walmart shopper came up with a creative way to avoid the long, slow-moving lines at his local Walmart. Taking advantage of the store's apparent lack of employee authentication, he simply went to the store's stockroom and donned a Walmart employee vest.

After that, he casually and professionally grabbed a cart, loaded four flat-screen televisions onto said cart and simply pushed through out the back of the store, through an emergency exit. "They were (then) loaded into a waiting, full-size SUV,” said a local enforcement statement about the Jan. 14 incident at the Colonial Heights Walmart.

One Virginia Walmart shopper came up with a creative way to avoid the long, slow-moving lines at his local Walmart. Taking advantage of the store's apparent lack of employee authentication, he simply went to the store's stockroom and donned a Walmart employee vest.

Patent Wrap: MasterCard’s Plan To Turn An ATM Into A POS

In this week’s look at interesting payments patents issued and/or applied for, PayPal and MasterCard inventors are our payments patent people with a trio of invention applications all filed on Feb. 18. MasterCard's filing envisions using all of those strategically ATMs for a lot more than cash-dispensing. This makes even more sense given that cash-dispensing will become increasingly unnecessary as in-person purchases go digital.

Meanwhile, PayPal wants to aggregate purchases from multiple merchants in one quasi-session. And MasterCard also has an idea for a way to use payment data to identify physically-proximate consumers with similar buying patterns.

In this week’s look at interesting payments patents issued and/or applied for, PayPal and MasterCard inventors are our payments patent people with a trio of invention applications all filed on Feb. 18. MasterCard's filing envisions using all of those strategically ATMs for a lot more than cash-dispensing. This makes even more sense given that cash-dispensing will become increasingly unnecessary as in-person purchases go digital.

Regulators Sharpening Their Ordinance Knives For New Payments

Although regulators have never been mainstays of payment facilitators' holiday card lists, as payments grow increasingly complex, those regulators will become even more ever-present and, candidly, resented. As state regulators—along with their federal counterparts from the Federal Trade Commission and the Consumer Financial Protection Bureau, plus some global regulators—zero in on newer payment methods, their chief focuses will be organizational structure.

Specifically, initial questions will focus on "whether compliance functions are adequately staffed, whether we have enough risk managers looking at all of the pieces of the puzzle and whether the board is involved. We're starting to see these regulators ask these questions," said Ellen Berge, law partner at Venable LLP as well as panel leader for the compliance panel at the Merchant Acquirers Committee (MAC). Berge discussed these issues during this issue's edition of the PaymentFacilitator.com's weekly payments podcast.

Although regulators have never been mainstays of payment facilitators' holiday card lists, as payments grow increasingly complex, those regulators will become even more ever-present and, candidly, resented. As state regulators—along with their federal counterparts from the Federal Trade Commission and the Consumer Financial Protection Bureau, plus some global regulators—zero in on newer payment methods, their chief focuses will be organizational structure.

Global Payments Wrap: MasterCard’s Selfie—And Other Biometric—Authentication—Trials Do Well With The Dutch

This week’s global payments news takes us to the Netherlands, France, India and Brazil. As MasterCard promises to continue and extend its selfie biometric authentications trials in various countries, it found impressively positive results in one region. Dutch participants, given the option of either a fingerprint or a selfie in lieu of a password during a six-month trial, decidedly went bio.

Visa is rolling out Visa Checkout to France, India, Ireland, Poland, Spain and the United Kingdom later this year, the card brand announced. And Paytm is close to finalising technology outsourcing contracts worth Rs 125 crore to manage the back-end for its payments bank which the company expects to roll out in August

This week’s global payments news takes us to the Netherlands, France, India and Brazil. As MasterCard promises to continue and extend its selfie biometric authentications trials in various countries, it found impressively positive results in one region. Dutch participants, given the option of either a fingerprint or a selfie in lieu of a password during a six-month trial, decidedly went bio.

PCI Council’s New EMV Payment Token Rules Are Worth Reading Closely

The PCI Council in late December rolled out its security rules for token service providers for EMV payment tokens, which overwhelmingly deals with mobile transactions. Today, the card brands handle the vast majority of tokens issued, but the council expects that to sharply change now that EMVCo has released the specification. Given the importance of tokens to payment facilitators, it's worth a read.

One of the fun things that this document does, in pure PCI Council fashion, is deliver more acronyms. Yes, these are brand acronyms. (No, no need to thank them.) One is TDE, for Token Data Environment. An important term—not an acronym yet, sadly—is Payment Token Data, which has a very specific definition: "Covers a number of discrete data elements, including the Payment Token and related data as defined in the EMV Payment Tokenisation Specification Technical Framework, which include the Payment Token Expiry Date, Payment Token Requestor ID, Payment Token Assurance Level and Payment Token Assurance Data."

The PCI Council in late December rolled out its security rules for token service providers for EMV payment tokens, which overwhelmingly deals with mobile transactions. Today, the card brands handle the vast majority of tokens issued, but the council expects that to sharply change now that EMVCo has released the specification. Given the importance of tokens to payment facilitators, it's worth a read.

Payments Patent Wrap: MC Wants To Take The Where In Wearables And Add A Who

In this week’s look at interesting payments patents issued and/or applied for, MasterCard is our guest of honor for a pair of patent applications, a little patent pending power. MasterCard on Feb. 11 applied for this patent as a way to better authenticate anyone trying to make a purchase via a wearable device. The idea starts with the system grabbing a reference sample related to the cardholder and payment card info.

In another patent application, MasterCard wants to use mobile purchases to dictate—in realtime—what news stories the shopper will be shown.

In this week’s look at interesting payments patents issued and/or applied for, MasterCard is our guest of honor for a pair of patent applications, a little patent pending power. MasterCard on Feb. 11 applied for this patent as a way to better authenticate anyone trying to make a purchase via a wearable device. The idea starts with the system grabbing a reference sample related to the cardholder and payment card info.

Card Data Breaches Are Unseen Mobile Payments Killers

As payment facilitators see an increasingly high percentage of their transactions going through mobile, it's critical to acknowledge the many ways mobile payments could be harm. For example, I got a new debit card last month. Nothing unusual about that in itself. However, I may add that this is the third card in less than a year from the same issuer.

The reason: card data breaches. A few years ago, this would have been a minor inconvenience, but today a fresh card results in the myriad of digital connections I have being unceremoniously cut off. For the last couple of weeks, I've been revisiting the experience of a few months back when I had to re-establish card details with Netflix, Amazon, Spotify, Starbucks, my gym membership and countless others. It's frankly a huge pain in the ass. Again.

As payment facilitators see an increasingly high percentage of their transactions going through mobile, it's critical to acknowledge the many ways mobile payments could be harm. For example, I got a new debit card last month. Nothing unusual about that in itself. However, I may add that this is the third card in less than a year from the same issuer.

Visa Offering More Goodies For PF Merchant Magicians

When Visa on Tuesday (Feb. 9) officially rolled out its Visa Consumer Transaction Controls program, it provided puzzle pieces that payment facilitators are much better positioned to use than others in the payments arena.

What the program does is it allows account holders "to set simple, convenient, and effective spending controls, receive transaction alerts, or even temporarily suspend their accounts using a simple on/off feature," Visa said. "Spending controls can be applied to different transaction types, date ranges, or overall card spending to offer consumers visibility and control over their money. Alerts can be sent by text, mobile app, or email in when transactions take place." The magic is that these are capabilities that Visa will support, but others will have to put the programming effort into integrating these apps, mobile devices and anything else. The apps that PF merchants will be using can leverage these or not. Few merchants will see much reason to put in the development talent to make them happen as they don't directly boost sales. That's where PF magic comes in.

When Visa on Tuesday (Feb. 9) officially rolled out its Visa Consumer Transaction Controls program, it provided puzzle pieces that payment facilitators are much better positioned to use than others in the payments arena.

The Perception Game: A Non-Security Glitch Makes Consumers Worried About Security

Mobile payments are still young enough that consumers are still making up their hands with how safe and secure they are. Remember that this is a classic perception vs. reality situation. It doesn't matter that mobile payments are in reality far more secure than many credit cards today. Think about a non-EMV Visa credit using signature compared with Apple Pay's biometric authentication and secure element and we're talking Bambi Vs. Godzilla. But anything new and different feels less secure.

Another important factor in the security perception game, though, is robustness and uptime. If the experience feels solid and trustworthy, those attributes will also color the perception of security. And that's why this past week is troubling.

Mobile payments are still young enough that consumers are still making up their hands with how safe and secure they are. Remember that this is a classic perception vs. reality situation. It doesn't matter that mobile payments are in reality far more secure than many credit cards today. Think about a non-EMV Visa credit using signature compared with Apple Pay's biometric authentication and secure element and we're talking Bambi Vs. Godzilla. But anything new and different feels less secure. Another important factor in the security perception game, though, is robustness and uptime. If the experience feels solid and trustworthy, those attributes will also color the perception of security. And that's why this past week is troubling.

Global Payments Wrap: Bad News For MasterCard Out Of Australia

This week's global payments news takes us to Australia, the U.K., the Czech Republic, India and Hong Kong. Australia's ANZ Mobile Pay opts for Visa over MasterCard. Following a Visa-only deal announced from NAB Pay late last month, the ANZ move means double bad Australian bank moves for MasterCard.

American Express Global Business Travel's new system promises to "locate all travelers worldwide, visualize which travelers are closest to a potential travel disruption and enables travel and risk managers to not only locate impacted travelers but also communicate with them in real-time. The GBT solution enables companies to communicate with traveller via SMS, email, or a mobile application, and prioritize aid to those travelers with the greatest need," said an Amex statement.

This week's global payments news takes us to Australia, the U.K., the Czech Republic, India and Hong Kong. Australia's ANZ Mobile Pay opts for Visa over MasterCard. Following a Visa-only deal announced from NAB Pay late last month, the ANZ move means double bad Australian bank moves for MasterCard.

Payments Patent Wrap: How Does A Payment Device Know Whose Voice Command To Obey?

In this week's look at interesting payments patents issued and/or applied for, Amazon and Visa are the guests of honor. Amazon was issued a patent on Tuesday (Feb. 9) for a way to help POS and other systems differentiate different people, when they are all giving voice commands. Amazon: POS, listen to the sound of my voice. No, not her voice. My voice.

Visa was issued a patent on Tuesday (Feb. 9) for ways to identify one user that works with multiple payments devices. The problem? "Each portable payment device associated with a single account within a payment processing system is distinguished using track data. The track data from the portable payment device is read at each of a plurality of merchant point of sale terminals (POS). Rather than relying on the PAN alone, a merchant may utilizes the track data, or a proxy thereof, as the unique identifier for the portable payment device," Visa's patent filing said.

In this week's look at interesting payments patents issued and/or applied for, Amazon and Visa are the guests of honor. Amazon was issued a patent on Tuesday (Feb. 9) for a way to help POS and other systems differentiate different people, when they are all giving voice commands. Amazon: POS, listen to the sound of my voice. No, not her voice. My voice.

PF Confusion May Yet Endanger This Embryonic Market

Confusion regarding the term payment facilitator poses a great risk to the PF community. It is only a matter of time before a registered PF goes belly up due to a lack of understanding of the risk associated with taking liability for sub merchants and meeting the rules of the card brands. When a PF does go belly up, there is a real risk of stifling innovation due to increased regulations.

SAAS providers, community heads and point-of-sale providers all need payments and view a PF license as the panacea to their challenges in processing payments. Investments are at stake and an expectation of get to market reigns supreme. Yet many providers, in their quest to get to market fast, don’t have sufficient information to make an informed decision as to what it means to be a registered PF. The notion of simply signing a merchant agreement and paying $5,000 to register seems all too easy. The liability, regulatory requirements, audits, PCI and flexibility take a back seat in the go-to-market strategy.

Confusion regarding the term payment facilitator poses a great risk to the PF community. It is only a matter of time before a registered PF goes belly up due to a lack of understanding of the risk associated with taking liability for sub merchants and meeting the rules of the card brands. When a PF does go belly up, there is a real risk of stifling innovation due to increased regulations.

Can Anyone Really Tell The Payments Impact On Revenue?

Although it's all-but-universally accepted that the more customer-desired payments options a merchant offers the better, it's often tricky to measure the revenue-specific results. David Cost, VP of e-commerce for apparel site Rainbow Shops, found this out a few months ago when his site started accepting PayPal. Revenue increased at the same rate it historically has, but 20 percent of payments almost immediately started being fulfilled by PayPal.

The tricky question is: Would the shoppers who used PayPal have made those identical purchases anyway, using Visa/MasterCard? Or did the PayPal move save those sales and prevent the revenue from plunging?

Although it's all-but-universally accepted that the more customer-desired payments options a merchant offers the better, it's often tricky to measure the revenue-specific results. David Cost, VP of e-commerce for apparel site Rainbow Shops, found this out a few months ago when his site started accepting PayPal. Revenue increased at the same rate it historically has, but 20 percent of payments almost immediately started being fulfilled by PayPal.

Podcast: A Preview Of Next Month’s MAC Show

The Merchant Acquirers Committee (MAC) show will unfold in Las Vegas March 8-10 and MAC President Richard Parrott makes his case this show will be a different kind of payments event. Specifically, it will be much more specific.

In this week's PaymentFaciliators.com podcast, Parrott argues that the show will be far more granular than other payments show, allowing for payments professionals to learn specific techniques and methods, rather than broad overviews of industry trends.

The Merchant Acquirers Committee (MAC) show will unfold in Las Vegas March 8-10 and MAC President Richard Parrott makes his case this show will be a different kind of payments event. Specifically, it will be much more specific. In this week's PaymentFaciliators.com podcast, Parrott argues that the show will be far more granular than other payments show, allowing for payments professionals to learn specific techniques and methods, rather than broad overviews of industry trends.

The Bank ATM Deals With ApplePay Promise What NFC Needs: Normalcy

When the news hit recently that Bank of America and Wells Fargo were preparing to integrate Apple Pay into their ATMs—on top of an existing deal with Android Pay—it promised a healthy dose of what NFC wallets need more than anything else right now: Normalcy.

At a practical level, the banks can position this as little more than an attempt to eventually phase out the plastic ATM card, not to mention then greenbacks they represent—which, of course, is true. But payment facilitators and others are relying on mobile wallets becoming more than a novelty for the geekiest of shoppers at a handful of the most tech-friendly retailers. For them, the ATM move has delightful potential.

When the news hit recently that Bank of America and Wells Fargo were preparing to integrate Apple Pay into their ATMs—on top of an existing deal with Android Pay—it promised a healthy dose of what NFC wallets need more than anything else right now: Normalcy.

Global Wrap: Russia Wants To Imprison Bitcoin Users

This week's look at payments stories from around the globe stops at the U.K., Russia, Hungary and the European Union. Choose your currency carefully in Russia these days as the Russian Finance Ministry doesn't mess around. The Ministry wants to punish anyone who uses Bitcoins with a 500,000 ruble (about $6,500 U.S.) fine and two years in a "corrective labor" camp, according to a report in Crypto Coins News. The story says that corrective labor is just what it sounds like: "a combination of penal detention and forced labor."

After the Hungarian Competition Authority slapped MasterCard with a HUF 88 million (about $318,000 U.S.) fine "for abusing its market position," the card brand said it would appeal the fine, according to a report in The Budapest Business Journal. And the EU wants to cap cash payments in an anti-terror move.

This week's look at payments stories from around the globe stops at the U.K., Russia, Hungary and the European Union. Choose your currency carefully in Russia these days as the Russian Finance Ministry doesn't mess around. The Ministry wants to punish anyone who uses Bitcoins with a 500,000 ruble (about $6,500 U.S.) fine and two years in a "corrective labor" camp, according to a report in Crypto Coins News. The story says that corrective labor is just what it sounds like: "a combination of penal detention and forced labor."

Payments Patent Wrap: PayPal Seeks One Honest Room

Our weekly look at the most interesting—or perplexing—Patents or Patents Pending from the payments industry. PayPal on Thursday (Feb. 4) applied for a patent that would determine the security level of a set of coordinates and remember it, allowing for less stringent authentication and security when making a purchase that place.

Also, EBay on Feb. 4 (Thursday) filed for a Patent on a way for truck fleets and consumers to more intelligently purchase fuel. And MasterCard on Thursday (Feb. 4) filed for a patent application that would look at non-compliant merchants and track activities to find other naughty players. The card brand is operating on the rationale that thieves tend to hang out together—and that shoppers who buy from one illegal store will likely go to another disreputable merchant if the first one is shut down.

Our weekly look at the most interesting—or perplexing—Patents or Patents Pending from the payments industry. PayPal on Thursday (Feb. 4) applied for a patent that would determine the security level of a set of coordinates and remember it, allowing for less stringent authentication and security when making a purchase that place.

Will New Congressional Money Laundering Bill Make A Difference?

A pair of congressional bills were introduced on Wednesday (Feb. 3) with the stated goal of trying to make money laundering slightly more difficult. The tact of the bills simultaneously introduced in the U.S. House and U.S. Senate? To force people filing papers of incorporation to disclose all beneficial owners—and to hand over U.S. passport or state driver's license numbers for all of those beneficial owners.

"Criminals are taking advantage of state laws by establishing firms – often without a physical presence or business activity – to access our banking system," Rep. Peter King said. "This simple requirement would enable law enforcement to stop money from flowing across our borders to terrorist organizations." Well, not quite. There is no money allocated in the bill to provide investigative funds to authenticate the submissions. If the intent is to launder criminal—even terrorist—financing, then making up bogus names of the owners and giving them fake passport or driver's license numbers is not especially burdensome. According to one Capitol Hill staffer familiar with the legislation—and who insisted on anonymity—the online application process does not seek a picture of the passport or the driver's license, but merely a number. Although those numbers are easy to verify, it's unlikely many states would bother unless they had a reason to do so. And it's the money launderer's job to make sure that the state clerks are given no such reason.

A pair of congressional bills were introduced on Wednesday (Feb. 3) with the stated goal of trying to make money laundering slightly more difficult. The tact of the bills simultaneously introduced in the U.S. House and U.S. Senate? To force people filing papers of incorporation to disclose all beneficial owners—and to hand over U.S. passport or state driver's license numbers for all of those beneficial owners.

The PF Space In Mexico: Salary Debit Cards The Key To The Future

The Mexican payment space is growing rapidly, but it's a country where cash still accounts for some 85 percent of all transactions. It's communities are cursed with large pockets of extreme poverty and banks are viewed with high suspicion.

Although, at a glance, this land seems an ill fit for payment facilitators to flourish, it's a market ripe for growth. And it's businesses that are overwhelmingly paying employees with debit cards that could be the key. "In Mexico, cash is still king, by far," said Ignacio Hidalgo, the director of consulting for a Mexican PF called Marketing Ideas and Technology (MIT, pronounced mēt). Hidalgo said the current environment is simply far more conducive to cash than payment cards or mobile money.

The Mexican payment space is growing rapidly, but it's a country where cash still accounts for some 85 percent of all transactions. It's communities are cursed with large pockets of extreme poverty and banks are viewed with high suspicion.

Visa Adds New Level 4 PCI Requirement, As The PF Attractiveness Gets A Lot Stronger

In a late holiday gift for PFs everywhere, Visa has upped the requirements for PCI Level 4 (small businesses) merchants. Specifically, as the end of January 2017, those small merchants "must use only Payment Card Industry (PCI)-certified Qualified Integrators and Reseller (QIR) professionals for point-of-sale (POS) application and terminal installation and integration."

Although few would argue that using trained and approved vendors to do any POS work is not a good idea, merchants are already feeling that the burdens of getting and staying PCI compliant are too high. Given a PF's willingness to take on all of the PCI aggravation, that offer just got more attractive to Level 4s.

In a late holiday gift for PFs everywhere, Visa has upped the requirements for PCI Level 4 (small businesses) merchants. Specifically, as the end of January 2017, those small merchants "must use only Payment Card Industry (PCI)-certified Qualified Integrators and Reseller (QIR) professionals for point-of-sale (POS) application and terminal installation and integration."

Event-Booker Placefull Converts To PF, Creates A Sizable Profit Event

One of the key advantages to being a payment facilitator is that it is the desired brand of the merchant that appears on the customer's statement. That certainly delivers the expected marketing boost (brand reinforcement) for the merchant, but event-booking PF Placefull is fond of that brand appearance for a very different reason: far fewer chargebacks.

"We have always wanted the merchant brand to have the most presence. One of the things we didn't like with a Paypal or Stripe experience—other than it's not a pretty-looking site—is that we never wanted to have a broken experience," said Placefull CEO Ryan Hamlin. "Now it’s ABC Bowling that will appear on the bill statement. The amount of disputes and, frankly, fraud was much higher before because people would see something on their statement and would call and dispute it."

One of the key advantages to being a payment facilitator is that it is the desired brand of the merchant that appears on the customer's statement. That certainly delivers the expected marketing boost (brand reinforcement) for the merchant, but event-booking PF Placefull is fond of that brand appearance for a very different reason: far fewer chargebacks.

Patent Wrap: If A Stylus Is Out-Of-Date, How About Stylus Integrated Into A Plastic Card?

Our weekly look at the most interesting—or perplexing—Patents or Patents Pending from the payments industry brings us two from MasterCard. MasterCard on Tuesday (Jan. 26) was issued a patent for a creative way to integrate a high-tech stylus with plastic cards.

Can Privacy Be Maintained By Analyzing Consumer Spend? Yes, But It's Not Easy. The patent applicaton described "a method for maintaining consumer privacy in behavioral scoring includes a first computing system and a second computing system. The first computing system disguises consumer characteristics and maps disguised consumer characteristics to unencrypted account identifiers, and then transmits the data to the second computing system. The second computing system encrypts the account identifiers upon receipt, and maps the encrypted account identifiers to anonymous transaction data."

Our weekly look at the most interesting—or perplexing—Patents or Patents Pending from the payments industry brings us two from MasterCard. MasterCard on Tuesday (Jan. 26) was issued a patent for a creative way to integrate a high-tech stylus with plastic cards.

Patent Wrap: Why Limit POS Communications To Payments?, Wonders MasterCard

This week's wrapup of the latest in payments patent applications and patents issued.

MasterCard: Why Limit POS Communications To Payments? In a U.S. Patent application filed by MasterCard on Jan. 14, the card brand envisioned using POS data connections as a more flexible communication system, with messages going "to an entity that is neither a payment account issuer nor the transaction acquirer."

This week's wrapup of the latest in payments patent applications and patents issued. MasterCard: Why Limit POS Communications To Payments?

Global Wrap: In China, 360,000 Mobile Payment Viruses Detected In 2015

This week's wrapup of payments news around the globe brings us to Brazil, China, Nigeria, the Netherlands, France, India, Canada and the U.K..

In China, 360,000 Mobile Payment Viruses Detected In 2015. As many as 25.05 million mobile phone users in 2015 became victims of various viruses in China amid the growing popularity of mobile payment in the country, according to a report from the Tencent Research Institute and reported by ChinaDaily.com.

This week's wrapup of payments news around the globe brings us to Brazil, China, Nigeria, the Netherlands, France, India, Canada and the U.K..

Carrier Billing’s New Friends May Prove To Be PF Good Fortune

Carrier billing is hardly a new concept, but some coverage has focused on renewed carrier billing efforts from the likes of Microsoft, Apple, Amazon and Google. Part of the reason that carrier billing has not, thus far, gone very far is that most consumers trust their carriers less than a convicted child molester politician. But carrier trust and likability aside, carrier billing has—on paper—a lot going for it. And payment facilitators are uniquely positioned to benefit from this move.

Carrier billing sidesteps some security concerns because the payment details reside with a company that already has them. Although that's certainly not risk-free, it's a zero increase in risk. More precisely, it's less risky than turning over payment credentials to an unknown merchant for a one-time transaction, especially if it's a faceless e-commerce site. From the merchant's perspective, there is the potential for much lower fees as interchange—in the traditional sense—is gone, especially if the consumer pays that carrier bill via check or, much more likely, ACH.

Carrier billing is hardly a new concept, but some coverage has focused on renewed carrier billing efforts from the likes of Microsoft, Apple, Amazon and Google. Part of the reason that carrier billing has not, thus far, gone very far is that most consumers trust their carriers less than a convicted child molester politician. But carrier trust and likability aside, carrier billing has—on paper—a lot going for it. And payment facilitators are uniquely positioned to benefit from this move.

Payment Patent Package: Using Beacons To Shrewdly Choose Checkout Lanes

This week's holiday-theme gragbag of payments patents and patents pending focuses on privacy—and why no one should have it. PayPal was issued a Patent on Tuesday (Jan. 5) for a way to use retailer-based wireless beacons to calculate how much a shopper is buying and to then send them to the best checkout lane. It may or may not be the best lane for that shopper, but it will be the best to move the greatest number of customers out as quickly as possible. The patent argued that the good of the many outweighs the good of the few.

"At various merchant locations, such as a merchant's retail store, a user may browse items and/or services for sale from the merchant and select various items/services for purchase from the merchant. These items/services may be grouped in areas together, such as a produce or bakery of a shopping market or a computers or televisions section of an electronics store. Based on the amount of items/services purchased, the user may spend a different amount of time completing a checkout and payment. For example, purchasing one bag of apples may be very quick; however, purchasing enough vegetables, meat, condiments, and hamburger buns for a barbeque may take a considerably larger amount of time," the Patent said.

This week's holiday-theme gragbag of payments patents and patents pending focuses on privacy—and why no one should have it. PayPal was issued a Patent on Tuesday (Jan. 5) for a way to use retailer-based wireless beacons to calculate how much a shopper is buying and to then send them to the best checkout lane. It may or may not be the best lane for that shopper, but it will be the best to move the greatest number of customers out as quickly as possible. The patent argued that the good of the many outweighs the good of the few.

Global Wrap: Visa Europe Falling Out Of Love With Bitcoin

In Visa Europe's end-of-the-year payments wrap, it went out of its way to indicate that when it comes to virtual currencies, the Euro cardbrand has a roving eye.

"When 2015 arrived, a lot of innovation chatter in Fintech focused on Bitcoin, but as we leave the year, that focus has shifted substantially to the blockchain. If we think back to how it was perceived a year ago and then how it is understood today, it’s clear that another transformation is happening," the Visa Europe post said. "2015 has turned blockchain into something the industry has to live with. It is no longer a choice anymore. Recent news speculating about the identity of its creator and the formalisation of virtual money as a commodity, just makes it more real than ever before."

In Visa Europe's end-of-the-year payments wrap, it went out of its way to indicate that when it comes to virtual currencies, the Euro cardbrand has a roving eye.

Walmart Pay: For The Retailer Who’s Given Up Trying To Get His Way

When Walmart last week introduced Walmart Pay, it was shown to be a simple app that would accept "any major payment type" but it would only work at Walmart. In short, it was the last thing that interchange-fee-hating Walmart wanted to do, especially in the mobile world. MCX's original vision, a merchant utopia where transactions were done in the non-interchange grab-the-money-directly-from-the-shopper's-bank-account universe and one app was used at thousands of different merchant stores, was Walmart's dream.

Mike Cook is the Walmart Senior VP/Assistant Treasurer who initiated the idea of MCX and pushed it so aggressively that many involved—and especially those who chose to not be involved—said the name virtually stood for Mike Cook Exchange. When Walmart Pay was announced, it was Cook whose name was on a statement issued to the media. Said Cook: "We remain committed to MCX, and recently launched acceptance of CurrentC in all of our locations in the Columbus market. We view Walmart Pay and CurrentC as complementary mobile payments solutions, and expect the two to build off each other’s success." Walmart expects "the two to build off each other's success"? If Walmart had even the slightest confidence that MCX and CurrentC were going to enjoy even a modicum of success, Walmart Pay wouldn't have been rolled out. It's true they will support both—there's not a lot of reason to not do so—but Walmart Pay is everything Walmart didn't want to do.

When Walmart last week introduced Walmart Pay, it was shown to be a simple app that would accept "any major payment type" but it would only work at Walmart. In short, it was the last thing that interchange-fee-hating Walmart wanted to do, especially in the mobile world. MCX's original vision, a merchant utopia where transactions were done in the non-interchange grab-the-money-directly-from-the-shopper's-bank-account universe and one app was used at thousands of different merchant stores, was Walmart's dream.

‘Twas Two Months After Liability Shift And At Every Store, Not A Merchant Was Dipping, Not Even A.C. Moore

It's one of the payments industry's worst-kept secrets that EMV merchant acceptance has been nothing shy of dreadful and the reasons for that are many. But an intriguing survey by the independent ConsumerWorld has put some numbers and quite a few names on the naughty/nice list of EMV supporters. It seems that a liability shift these days can only get a cardbrand so far.

In exploring almost 50 of the largest national and regional retail brands between Dec. 1 and Dec. 5, ConsumerWorld found that although almost all had installed EMV-friendly terminals (RadioShack was the only holdout), 75 percent of them had not yet been activated.

It's one of the payments industry's worst-kept secrets that EMV merchant acceptance has been nothing shy of dreadful and the reasons for that are many. But an intriguing survey by the independent ConsumerWorld has put some numbers and quite a few names on the naughty/nice list of EMV supporters. It seems that a liability shift these days can only get a cardbrand so far.

Payments Patent Potpourri: A Way For Visa To Ride The Payment Rails Faster

This is our weekly plunge into some of the more interesting patents awarded in the payments space.

Visa Needs To Ride The Rails Faster—And These Are Literally Rails. On Tuesday (Dec. 15), Visa was granted a patent that deals with how transactions can be approved quickly enough for the increasingly-popular mobile public transit payments.

This is our weekly plunge into some of the more interesting patents awarded in the payments space. Visa Needs To Ride The Rails Faster—And These Are Literally Rails. On Tuesday (Dec. 15), Visa was granted a patent that deals with how transactions can be approved quickly enough for the increasingly-popular mobile public transit payments.

The Struggles Of Social Media Authentication For PFs

On December 8, Facebook said that the number of active business Pages on Facebook has grown to 50 million, a 25 percent increase since 40 million in April. This casual announcement from Facebook is significant for a few reasons, not the least of which is that it confirms what payment facilitators have known for years: Social payment needs are soaring.

Specifically, FB's stats illustrate the explosive, global growth in the number of small merchants while simultaneously reminding merchants how much they need to embrace social media as both a marketing and communications tool.

On December 8, Facebook said that the number of active business Pages on Facebook has grown to 50 million, a 25 percent increase since 40 million in April. This casual announcement from Facebook is significant for a few reasons, not the least of which is that it confirms what payment facilitators have known for years: Social payment needs are soaring.

Global Wrap: Russia Offers Card Brand Alternative, Citi Guts Loyalty Benefits In Australia

This week's reports—from Russia, Taiwan, Australia, China, Singapore, Sri Lanka and Canada— show the continued shifts in payments strategies across the globe.

Russian Banks Issue First Payment Alternative To Visa, MasterCard. The move on Tuesday (Dec. 15) reveals the Mir card, which translates to "peace," "world" and "Bite me, U.S. card brands." According to a story in The Rakyat Post, Mir was issued "by a string of banks, among them Gazprombank, Rossiya bank and others blacklisted by the West following Moscow’s annexation of Crimea from Ukraine last year."

This week's reports—from Russia, Taiwan, Australia, China, Singapore, Sri Lanka and Canada— show the continued shifts in payments strategies across the globe.

Deloitte: Ignorance Isn’t Bliss. It’s Killing Mobile Payments

On Wednesday (Dec. 9), Deloitte released a major mobile report and concluded that mobile payments is suffering from a payments industry self-inflicted wound: an almost criminal lack of shopper and store associate education about mobile payments.

This is one of those good news/bad news situations. The good news is if the payments industry leaders act smart, this problem can not only be solved, but reversed. Consumer and store employee education will sharply boost mobile payments usage—and that will on top of a continual influx of new mobile shoppers as more people upgrade to NFC-friendly smartphones. The bad news is—when was the last time you saw a lot of payments industry leaders acting smart?

On Wednesday (Dec. 9), Deloitte released a major mobile report and concluded that mobile payments is suffering from a payments industry self-inflicted wound: an almost criminal lack of shopper and store associate education about mobile payments.

Payment Card Attorney Encourages Credit Unions To Reject Home Depot Data Breach Settlement

In a conference call on Monday (Dec. 7) organized by MasterCard, credit unions and other financial institutions were encouraged to reject data breach settlement offers from Home Depot, arguing that the offers are too vague.

In a blog post from the Credit Union National Association that described that conference call, Joseph Guglielmo, lead counsel for financial institutions in the case, was quoted as making the key presentation. "Until Home Depot discloses all of the facts relating to its agreement with MasterCard, we recommend that financial institutions reject any settlement that requires them to release their claims in court and does not offer a significant reimbursement for their losses, beyond what they’re already entitled to,” Guglielmo was quoted as saying.

In a conference call on Monday (Dec. 7) organized by MasterCard, credit unions and other financial institutions were encouraged to reject data breach settlement offers from Home Depot, arguing that the offers are too vague.

SamsungPay Admits It Won’t Deliver Wearable Payments Until Next Year

Just what the world of mobile payments needs to boost consumer confidence: Missed delivery deadlines. In a Tweet reply to a consumer, SamsungMobile US has confirmed that SamsungPay didn't make its November '15 promised U.S. payment support for the wearable GearS2 smartwatch. The Tweet apologized for the delay—without explaining its cause—and promised that SamsungPay will happen "in 2016. Stay tuned for more information."

This is especially problematic given that Samsung pushed the payments capabilities as it sold those watches. The fallout from this delay doesn't only hurt Samsung. When an industry segment is as young as mobile payments, we can't afford these kinds of delays. Why is it so damaging? Mobile payments demand a change in behavior, which is hard enough on its own. But what happens when those watch owners get frustrated by their inability to make payments? It will feed their fears that mobile payments really doesn't work and that it's too risky an experiment with which to entrust their hard-earned money.

Just what the world of mobile payments needs to boost consumer confidence: Missed delivery deadlines. In a Tweet reply to a consumer, SamsungMobile US has confirmed that SamsungPay didn't make its November '15 promised U.S. payment support for the wearable GearS2 smartwatch. The Tweet apologized for the delay—without explaining its cause—and promised that SamsungPay will happen "in 2016. Stay tuned for more information."

Payment Patent Potpourri: MasterCard Wants To Combine Purchase History With Police Files

Patents and Patent Pendings issued give a fascinating glimpse into the thoughts, strategies and possible future product plans of payments company executives. Although many issued patents never morph into products, someone thought the idea was worth preserving as an option.

But it can also include plenty of "What the heck were they smoking?" ideas. This week's batch of Patents and Patent Pendings—from Visa, MasterCard, Paypal and eBay—doesn't disappoint.

Patents and Patent Pendings issued give a fascinating glimpse into the thoughts, strategies and possible future product plans of payments company executives. Although many issued patents never morph into products, someone thought the idea was worth preserving as an option. But it can also include plenty of "What the heck were they smoking?" ideas. This week's batch of Patents and Patent Pendings—from Visa, MasterCard, Paypal and eBay—doesn't disappoint.

The Periodic Visa/MasterCard Obit Is As Wrong As It Is Boring

Throughout the years, the biz obituary has been repeatedly written for Visa and, to a lesser extent, MasterCard. Just about every movement that has threatened to destroy them—such as mobile firms creating their own rails to handle payments—has generally made them stronger, such as when those same mobile firms ended up realizing that it's cheaper to just use what the card brands already spent billions to create.

Every few years, another supposed card-brand-killer comes up. Remember how Durbin was supposed to be the end of Visa? And then it was ISIS/Softcard and Google Wallet? Not only were those obits wrong then, but given the realities today of card-brand-controlled tokenization, it's even more wrong now. The latest obit crafted was this investment column, which even went so far as to pencil in a date for the Visa/MasterCard tombstone, with a hed declaring "MasterCard and Visa Stock Could Crumble in 2016." (An old journalism professor years ago told a colleague that he should look at any headline that says "could" or "may" and see if it would be just as true were it changed to "could not" or "may not." If it was, kill that headline.)

Throughout the years, the biz obituary has been repeatedly written for Visa and, to a lesser extent, MasterCard. Just about every movement that has threatened to destroy them—such as mobile firms creating their own rails to handle payments—has generally made them stronger, such as when those same mobile firms ended up realizing that it's cheaper to just use what the card brands already spent billions to create.

Payment Patent Potpourri: PayPal and MasterCard Get Creative On Authentication, Plus Can Thunder Predict Transactions?

The U.S. Patent Office has been busy approving some wacky payment ideas and we're going to periodically tell you about some of our favorites. The winners this week are two unrelated ideas on mobile-based authentication from PayPal and MasterCard—including the length of a shopper's finger, how they walk and bits of their voice conversations—plus a MasterCard idea on exploring weather-to-purchase correlations on an individualized basis.

This Patent, issued on Tuesday (Dec. 1), is based on the length of a consumer's finger in a secondary fashion. What it actually does is ask the user to create a specific drawing, a task that will be done in a unique way by consumers because of their hand designs and other factors.

The U.S. Patent Office has been busy approving some wacky payment ideas and we're going to periodically tell you about some of our favorites. The winners this week are two unrelated ideas on mobile-based authentication from PayPal and MasterCard—including the length of a shopper's finger, how they walk and bits of their voice conversations—plus a MasterCard idea on exploring weather-to-purchase correlations on an individualized basis.

MasterCard Survey Finds That Australians Prefer NFC Over Cash. But That’s Not The Whole Story

In a survey that MasterCard commissioned in Australia, most participants said that they preferred contactless payments compared with cash. But the fineprint tells a different—and more perplexing—story. The card brand said the survey audience was "1,005 Australians aged between 18-64 years old, who have a credit or debit card." Nothing about them having an NFC-friendly smartphone, which is an important detail when gauging the interest and acceptance of contactless payments.

Of those surveyed, only 64 percent said they preferred contactless to cash, which means 36 percent still preferred cash. (See why it's critical to know if they even have the ability to do mobile payments?) Even worse, it wasn't a reference to all cash payments, but it was limited to "small transactions under a $100 instead of entering their PIN," MasterCard said. That raises the question of what would happen to that 64 percent stat when it tops $100 and PIN-entry becomes an issue? Does paper money regain its favored spot in Australian consumer wallets?

In a survey that MasterCard commissioned in Australia, most participants said that they preferred contactless payments compared with cash. But the fineprint tells a different—and more perplexing—story.

WeChat Cuts Global Money Transfer Deal With Western Union

In a deal that could make Tencent-owned social media platform WeChat into a serious payments player, WeChat announced Tuesday (Nov. 17) a deal with Western Union that allows WeChat's U.S. users to send money cross-border to 200 countries and territories, all while riding Western Union's rails.

With conflicting laws, industry regulations and security concerns, simplified global money transfers has been a top PF priority. "Consumers are able to fund the money transfer utilizing a debit card, credit card or bank account and easily direct the funds to a Western Union retail agent location around the world, and to a mobile wallet or bank account where available," said a joint statement from WeChat and Western Union. "WeChat together with its sister product Weixin in China had over 650 million of monthly active user accounts at end of September 2015."

In a deal that could make Tencent-owned social media platform WeChat into a serious payments player, WeChat announced Tuesday (Nov. 17) a deal with Western Union that allows WeChat's U.S. users to send money cross-border to 200 countries and territories, all while riding Western Union's rails.

MasterCard Thinks It Can Standardize Mobile Loyalty. And It Might Be Right

For mobile payments to move into the massive adoption phase, some version of loyalty/couponing will be essential. Otherwise, once the novelty wears off, there are simply no sustainable reasons for shoppers to stick with mobile. But with every mobile player preparing to somehow push loyalty, the chance of having conflicting incompatible technology is all-but-certain. Can MasterCard change that?

On Tuesday (Nov. 17), the number two card brand introduced a loyalty middleware specification that it hopes will be adopted widely enough to give mobile loyalty a chance to grow seamlessly. Given that few if any mobile payment schemes will be offered without support for at least one issuer's MasterCard, the card brand seems a sufficiently politically neutral player to sidestep the usual vendor resistance. In MasterCard's statement, the brand said it's proposed specification "enables mobile applications to offer a seamless connection between payment, promotions and loyalty redemption. It enables consumers to select their loyalty card, the coupons/promotions they want to redeem, and make a payment in a single or double tap at a contactless terminal."

For mobile payments to move into the massive adoption phase, some version of loyalty/couponing will be essential. Otherwise, once the novelty wears off, there are simply no sustainable reasons for shoppers to stick with mobile. But with every mobile player preparing to somehow push loyalty, the chance of having conflicting incompatible technology is all-but-certain. Can MasterCard change that?

Transit Mobile Payment Is A PF Dream Come True

On Monday (Nov. 16), San Francisco Mayor Ed Lee officially brought his city's public transit system into the mobile payment era, following similar moves by cities across the globe. Just last month, the totality of London's black cabs said that they will accept mobile payment.

These efforts are crucial for the payment facilitator community as nowhere is the need for the speed and convenience of mobile payments more needed than in urban public transit. Of potentially greater significance are the huge volumes of consumers that are using such systems—and the extreme tendency of such communities to get comfort from what other travelers are doing. In short, successful transportation trials have a far greater chance of meaningfully moving the acceptance needle than almost any other vertical. As much as coffee shops may gravitate to every kind of mobile payment imaginable, they simply don't have the volume—nor the copycat psychology—that comes with the transportation territory.

On Monday (Nov. 16), San Francisco Mayor Ed Lee officially brought his city's public transit system into the mobile payment era, following similar moves by cities across the globe. Just last month, the totality of London's black cabs said that they will accept mobile payment. These efforts are crucial for the payment facilitator community as nowhere is the need for the speed and convenience of mobile payments more needed than in urban public transit.

NYC Mobile Banking Study: Underbanked Much More Likely To Accept Texts

A new mobile banking analysis just published by New York City government officials found that underbanked consumers were more likely to use text or e-mail alerts as well as engage in more frequent money transfers. But those underbanked were also the most concerned about financial data privacy.

"The unbanked were more likely to share their mobile phones than the banked and underbanked. The way in which respondents reported paying for their mobile phones also differed across banking status: the banked were much more likely than the underbanked and unbanked to report having a monthly contract for their phone, while the unbanked and the underbanked reported using prepaid cell phones at much greater rates than the banked," the report said. "Banked smartphone users were more likely to have iPhones, while underbanked and unbanked smartphone users were more likely to have Android phones."

A new mobile banking analysis just published by New York City government officials found that underbanked consumers were more likely to use text or e-mail alerts as well as engage in more frequent money transfers. But those underbanked were also the most concerned about financial data privacy.

Global Wrap: European Parliament Insisting On Mobile Payment Standards

The global payments space was brimming with activity this week, as next month's holidays loom ever closer.

Three major Thailand mobile operators—Advanced Info Service (AIS), Total Access Communication (DTAC) and True Move—have struck a deal that is supposed to allow consumers to easily transfer money amongst the group starting Dec. 1. All users need do is key in the receiver's mobile number. No bank account details needed.

The global payments space was brimming with activity this week, as next month's holidays loom ever closer.

We Won’t Publish The Week Of Nov. 23, For Thanksgiving

In observation of the U.S. Thanksgiving holiday, PaymentFacilitator.com will not publish the week of Nov. 23, either on our sites or in our weekly newsletter.

We will be back the first week of December with all of the news that PFs need, along with a few extra goodies as we unveil some new editorial features and prepare to launch our podcast series.

In observation of the U.S. Thanksgiving holiday, PaymentFacilitator.com will not publish the week of Nov. 23, either on our sites or in our weekly newsletter. We will be back the first week of December with all of the news that PFs need, along with a few extra goodies as we unveil some new editorial features and prepare to launch our podcast series.

New York Payments Regulators Want New Third-Party Security Rules

One of the nation's most influential state regulators on Monday (Nov. 9) proposed a series of new security requirements aimed at third-party companies involved in payments. But the letter from Anthony Albanese, the acting superintendent of the New York Department Of Financial Services, could have a chilling effect in PF development efforts, cracking down at potentially the worst time for payments startups.

The letter spoke of "the financial industry’s reliance on third-party service providers for critical banking and insurance functions as a continuing challenge" and such third-party services "often have access to sensitive data and to a financial institution’s information technology systems, providing a potential point of entry for hackers. A company may have the most sophisticated cyber security protections in the industry, but if its third-party service providers have weak systems or controls, those protections will be ineffective."

One of the nation's most influential state regulators on Monday (Nov. 9) proposed a series of new security requirements aimed at third-party companies involved in payments. But the letter from Anthony Albanese, the acting superintendent of the New York Department Of Financial Services, could have a chilling effect in PF development efforts, cracking down at potentially the worst time for payments startups.

Samsung Pay’s Encryption Perception Problem

It seems a funny thing has happened on the way to using Samsung Pay for some users, as the emerging mobile payments platform isn't compatible with a phone’s encryption protocol. Simply stated: if the phone is switched into encrypted mode (as many who use their phones for work are required to do), users can’t add cards to their Samsung Pay wallet.

This isn't going over well. Although it's not yet clear if this encryption conniption is a glitch or intentional, either way it is sending a positively terrible message to users about Samsung Pay and security. Not requiring a user to activate phone encryption is one thing, but refusing new payment credentials if it's already been activated is very different.

It seems a funny thing has happened on the way to using Samsung Pay for some users, as the emerging mobile payments platform isn't compatible with a phone’s encryption protocol. Simply stated: if the phone is switched into encrypted mode (as many who use their phones for work are required to do), users can’t add cards to their Samsung Pay wallet. This isn't going over well. Although it's not yet clear if this encryption conniption is a glitch or intentional, either way it is sending a positively terrible message to users about Samsung Pay and security.

Apple Wants Into P2P Payments, Talking With Chase, CapOne, Wells Fargo, U.S. Bancorp

In an attempt to control as much consumer payments as possible, Apple is in negotiations with J.P. Morgan Chase, Capital One, Wells Fargo and U.S. Bancorp to launch a bank-account-based P2P payments service, according to a Wednesday report in The Wall Street Journal. If successful, it's value would be huge to Apple, but not on a per-transaction fee basis. The goldmine would be the data, the equivalent of knowing every check, money transfer and payment card transaction made by millions of its customers.

Beyond the privacy implications of a consumer goods company having so much consumer personal data—on top of whatever health data is being gathered through Apple's Health app—there are also security concerns. The more avenues of access that exist into a bank account, the more chances there are for a glitch to withdraw more than expected or for the ultra-sensitive bank account routing numbers to leak where a cyberthief could see it.

In an attempt to control as much consumer payments as possible, Apple is in negotiations with J.P. Morgan Chase, Capital One, Wells Fargo and U.S. Bancorp to launch a bank-account-based P2P payments service, according to a Wednesday report in The Wall Street Journal. If successful, it's value would be huge to Apple, but not on a per-transaction fee basis. The goldmine would be the data, the equivalent of knowing every check, money transfer and payment card transaction made by millions of its customers.

MC Makes Its Zero Liability Worldwide, In A Move That Visa Can’t Yet Match

MasterCard on Wednesday (Nov. 11) globalized its zero liability policy, in effect delivering the kind of consistent worldwide shopper protection that Visa can not yet offer. But it will take MasterCard—which has been working on the policy change for a year—until as late June 30, 2016, to support all regions, giving Visa time to react.

This competitive differentiator is because MasterCard is one global organization, whereas Visa's country operations are separated, a move that Visa last week started to address with its proposed reunification of Visa and Visa Europe.

MasterCard on Wednesday (Nov. 11) globalized its zero liability policy, in effect delivering the kind of consistent worldwide shopper protection that Visa can not yet offer. But it will take MasterCard—which has been working on the policy change for a year—until as late June 30, 2016, to support all regions, giving Visa time to react.

Home Depot Payment Card Fraud Via HR Records

In a big company, when it's suspected that someone is misusing company data to steal money from other employees, the first call is supposed to be to human resources. But what if the fraud is being perpetrated by a couple of HR staffers? That's what happened at Home Depot.

The two Home Depot HR people, Paulette Shorter and Lakisha Grimes, were sentenced to two years and one day in federal prison. According to the feds, the HR staffers used Home Depot personnel files to extract names, social security numbers and birthdates to apply online for Capital One payment cards. They used the names and data not only of Home Depot employees, but of job applicants, too.

In a big company, when it's suspected that someone is misusing company data to steal money from other employees, the first call is supposed to be to human resources. But what if the fraud is being perpetrated by a couple of HR staffers? That's what happened at Home Depot.

Global Wrap: Nambia Launches A New National Payments System

Payments developments around the globe has mobile commerce taking off across southeast Asia, card swipe fees and surcharges on the hotseat in Australia and New Zealand, foreign card players are facing an easier than expected time entering Chinese marketplaces while PayTM is pushing hard for its Payment Bank in India.
Payments developments around the globe has mobile commerce taking off across southeast Asia, card swipe fees and surcharges on the hotseat in Australia and New Zealand, foreign card players are facing an easier than expected time entering Chinese marketplaces while PayTM is pushing hard for its Payment Bank in India.

Can Candor And A Payments Card Launch Co-Exist?

Even in payments, a little candor can go a long way, especially in public CEO statements about issuing a new kind of payments card. This comes from a British company called Mondo, which is about generate MasterCard Prepaid Debit cards issued by Wirecard Card Solutions, which is a payment facilitator as well as being a prepaid issuer.

Still, it's not often that a payments CEO pledges that customers will have headaches—and yet Mondo CEO Tom Blomfield did just that when introducing the Alpha version of his card.

Even in payments, a little candor can go a long way, especially in public CEO statements about issuing a new kind of payments card. This comes from a British company called Mondo, which is about generate MasterCard Prepaid Debit cards issued by Wirecard Card Solutions, which is a payment facilitator as well as being a prepaid issuer.

Wall Street Vs. Silicon Valley: There’s A New PF Lobbyist In Town

In a payment facilitator-focused fight that could be painted as Wall Street lobbyists against Silicon Valley lobbyists, a tech group—consisting of Amazon, Apple, Google, Intuit and PayPal—has created a payments lobbying group solely designed to counter the influence of traditional financial players, including Visa, MasterCard, Amex, Chase and Citibank. The group announced its formation on Tuesday (Nov. 3).

The new group calls itself Financial Innovation Now (FIN) and argues that it wants to persuade politicians to go a different route. Complicating matters is the diversity of the FIN group. The concerns of Amazon, Apple and Google, for example, are aligned, in that they are major financial players in retail, hardware, mobile and search engines that are exploring payments initiatives, initiatives that are likely to remain secondary to their primary revenue lines. But PayPal and Intuit are much more closely involved in financial services, with PayPal being every bit as much of a pure payments player as Visa.

In a payment facilitator-focused fight that could be painted as Wall Street lobbyists against Silicon Valley lobbyists, a tech group—consisting of Amazon, Apple, Google, Intuit and PayPal—has created a payments lobbying group solely designed to counter the influence of traditional financial players, including Visa, MasterCard, Amex, Chase and Citibank. The group announced its formation on Tuesday (Nov. 3).

Google Slaps Symantec Around For Certificate Blunders. But Shouldn’t Payment Certificates Mean Something

Google has taken the unusual action of taking to task Symantec for supposedly sloppy enforcement of its digital certificates. What is payments-relevant here is that digital certificates—even when executed perfectly—do not deliver to shoppers the security assurances that most shoppers assume.

What the payments space needs are true e-commerce certificates, that actually represent security assurances for the site, not merely that the company is truly behind that domain. A cyberthief trying to rip shoppers off would also take the effort to properly register his domain.

Google has taken the unusual action of taking to task Symantec for supposedly sloppy enforcement of its digital certificates. What is payments-relevant here is that digital certificates—even when executed perfectly—do not deliver to shoppers the security assurances that most shoppers assume.

Global Roundup: Why Don’t Egyptians Like Mobile Payments?

In this week's wrap of global payments developments, we have payment stats from Egypt that are more lack-of-payment stats, U.K. payments security testing, a Swedish payments spin-off and a new mobile bill pay push in Australia.
In this week's wrap of global payments developments, we have payment stats from Egypt that are more lack-of-payment stats, U.K. payments security testing, a Swedish payments spin-off and a new mobile bill pay push in Australia.

MCX Finally Gets Its Interchange Break—After Chase Hands It To Them

When JPMorgan Chase on Monday (Oct. 26) promised new mobile capabilities for its online Chase Pay program next summer, it chose to take a decidedly retailer-oriented approach. With the lures of lower interchange fees plus all of the fraud cost protections of the EMV liability shift without having to accept EMV, Chase has given retailers concrete reasons to push Chase Pay over other payment methods.

The Chase announcement named MCX (and specifically members Walmart, Target, Best Buy and Shell) as premier partner. Interestingly, the interchange reduction effort that caused MCX to form years ago but had been all but abandoned by the group recently is the centerpiece of Chase's 2016 plans. What MCX couldn't get on their own was handed to them by Chase.

When JPMorgan Chase on Monday (Oct. 26) promised new mobile capabilities for its online Chase Pay program next summer, it chose to take a decidedly retailer-oriented approach. With the lures of lower interchange fees plus all of the fraud cost protections of the EMV liability shift without having to accept EMV, Chase has given retailers concrete reasons to push Chase Pay over other payment methods.

The Chase announcement named MCX (and specifically members Walmart, Target, Best Buy and Shell) as premier partner. Interestingly, the interchange reduction effort that caused MCX to form years ago but had been all but abandoned by the group recently is the centerpiece of Chase's 2016 plans. What MCX couldn't get on their own was handed to them by Chase.

Welcome To Your New Home For Payment Facilitator News You Can Use

Welcome to PaymentFacilitator.com, your home for an independent and analytical take on the payments issues of concern for the PF community. For our take on the major changes impacting payment facilitators and why this editorial community is needed right now, please drop by our About Us page.

It seems, though, this Letter From The Editor is best used to not promise what we'll deliver in the near future, but to tell you what we are delivering to you right now and why those pieces have the information that you're simply not going to find elsewhere today, especially from the various payments media.

Welcome to PaymentFacilitator.com, your home for an independent and analytical take on the payments issues of concern for the PF community. For our take on the major changes impacting payment facilitators and why this editorial community is needed right now, please drop by our About Us page.

It seems, though, this Letter From The Editor is best used to not promise what we'll deliver in the near future, but to tell you what we are delivering to you right now and why those pieces have the information that you're simply not going to find elsewhere today, especially from the various payments media.

The Implications Of Soaring Mobile Biometric Authentication Stats

Noticed an interesting stat hit the wires on Tuesday (Oct. 27) from Juniper Research. Juniper reported "that the increased rollout of contactless payment services using fingerprint scanners will push the number of biometrically authenticated transactions to nearly 5bn by 2019, up from less than 130 million this year."

Going from 130 million to almost 5 billion in four years is an impressive path—if the numbers are to be believed—but the changes to consumer behavior is potentially even more dramatic. Juniper limited its projection to biometrically authenticated transactions. The reality is that as consumers get comfortable with mobile biometrics, those fingerprint scans will authenticate consumers as they walk into banks, doctor’s offices, gyms and when they open secure apps. In the same way that fingerprint scans on iOS and Android devices are making consumers comfortable with all manner of biometric authentication, those devices and associated behaviors are also going to open the door to biometric authentication in areas well beyond mobile devices. Indeed, they could open the doors to, well, opening doors.

Noticed an interesting stat hit the wires on Tuesday (Oct. 27) from Juniper Research. Juniper reported "that the increased rollout of contactless payment services using fingerprint scanners will push the number of biometrically authenticated transactions to nearly 5bn by 2019, up from less than 130 million this year."

Going from 130 million to almost 5 billion in four years is an impressive path—if the numbers are to be believed—but the changes to consumer behavior is potentially even more dramatic. Juniper limited its projection to biometrically authenticated transactions. The reality is that as consumers get comfortable with mobile biometrics, those fingerprint scans will authenticate consumers as they walk into banks, doctor’s offices, gyms and when they open secure apps. In the same way that fingerprint scans on iOS and Android devices are making consumers comfortable with all manner of biometric authentication, those devices and associated behaviors are also going to open the door to biometric authentication in areas well beyond mobile devices. Indeed, they could open the doors to, well, opening doors.

The Non-Intuitive World Of Authentication And Social Media

A cyberthief walks into a bank branch, fully prepared to impersonate his intended high-net-worth victim. Not only is he equipped with fake IDs in the victim's name, lots of personal information courtesy of social and search engine research, but the thief has even taken the precaution of breaking into his victim's social accounts and replacing his thief-like face for the victim's on the victim's own social sites. If anyone tries to check on the Facebook or LinkedIn site of the victim, the thief's face would be confirmed.

The banker in this case sits beneath a tiny video camera, one that is aimed at the seat where customers sit and specifically the facial area of those customers. Controls of the banker-facing screen allow the image to be precisely aimed for customers of varying heights. And while the banker is pitching her safe-deposit boxes and other bank services, software does a quick check on the thief's face. Sure enough, it matches the social media images—but the software notes that those images were all recently changed. The software's database maintains a record of the last 10 images of everyone it can find—and that history of images foiled our thief's efforts.

A cyberthief walks into a bank branch, fully prepared to impersonate his intended high-net-worth victim. Not only is he equipped with fake IDs in the victim's name, lots of personal information courtesy of social and search engine research, but the thief has even taken the precaution of breaking into his victim's social accounts and replacing his thief-like face for the victim's on the victim's own social sites. If anyone tries to check on the Facebook or LinkedIn site of the victim, the thief's face would be confirmed.

The banker in this case sits beneath a tiny video camera, one that is aimed at the seat where customers sit and specifically the facial area of those customers. Controls of the banker-facing screen allow the image to be precisely aimed for customers of varying heights. And while the banker is pitching her safe-deposit boxes and other bank services, software does a quick check on the thief's face. Sure enough, it matches the social media images—but the software notes that those images were all recently changed. The software's database maintains a record of the last 10 images of everyone it can find—and that history of images foiled our thief's efforts.

Financial Futility: Why Chip & PIN Sucks For Small Merchants

Given the huge importance of small merchants in the U.S. (especially one-location shops, which account for overwhelmingly more retail locations than any other merchant size segment), it's impressive how little attention has been paid to how inappropriate chip and PIN is for those merchants.

In the wake of the U.S. EMV liability shift that kicked in on October 1, there’s been no shortage of debate about Chip and PIN vs. Chip and Signature. Once again, our old friend, the Durbin Amendment, is having its say. And for all the high-minded security-oriented thoughts being dished out, along with the many biased special interests trying to influence the debate, the small and micro-merchant have been left out, as usual.

Given the huge importance of small merchants in the U.S. (especially one-location shops, which account for overwhelmingly more retail locations than any other merchant size segment), it's impressive how little attention has been paid to how inappropriate chip and PIN is for those merchants.

In the wake of the U.S. EMV liability shift that kicked in on October 1, there’s been no shortage of debate about Chip and PIN vs. Chip and Signature. Once again, our old friend, the Durbin Amendment, is having its say. And for all the high-minded security-oriented thoughts being dished out, along with the many biased special interests trying to influence the debate, the small and micro-merchant have been left out, as usual.