Updated: Monday, July 27, 2015
MasterCard, NYPAY explore fintech APIs
M asterCard Worldwide and NYPAY co-hosted a summer evening celebration of financial technologies on July 22, 2015, in New York City. Sixty-five attendees enjoyed a casual dinner, networking and panel discussion held at MasterCard's Technology Hub and titled APIs in Fintech: What They Do and Why They Matter.
The technology hub, which opened in October 2014 in New York's tech-friendly Flatiron District, leverages what MasterCard Chief Executive Officer Ajay Banga described as a "pre-eminent technology and product talent pool." The open design environment spans three floors and 60,000 square feet, housing 200 employees from five MasterCard technology teams, including MasterPass, the Digital Enablement System, OpenAPI, MasterCard Labs and Start Path. Banga said the office will build on the work of similar teams in Dublin, Singapore and St. Louis that focus on innovation and emerging digital technologies.
NYPAY, a professional organization for payments industry leaders and innovators established in 2006, has hosted a series of events designed to facilitate "between-panel conversations with interesting people you don't meet during your daily routine." The group's growing membership base includes senior executives from around the globe with expertise in finance, government, banking, journalism, payments and emerging technologies.
4 P's: pizza, programmers, panelists, payments
After an informal hour of networking, refreshments and pizza, NYPAY President David True moderated the panel discussion. In his opening comments, True noted that APIs (short for application programming interfaces) have evolved from an esoteric engineering term into a popular news topic and staple of popular culture. He cited the practice of using Facebook credentials to log into a website or app as an example of widespread API use.
True entreated the audience to think beyond the API acronym, commonly defined as protocols, routines and tool sets for use in building software applications, to explore "what they are, what they do and why they are so important to payments, data and security."
He then introduced panelists T.M. Praveen, Head of Platform Transformation Service at Opus Consulting Group; Dave Matter, Head of Product at Marqeta Inc.; and Brien Buckman, Product Manager of MasterCard's API Platform.
APIs' multifaceted value proposition
Here is a sampling of API benefits for consumers, business owners and programmers cited by panelists:
- Cost saving: "When they use APIs, ecommerce providers can focus on their product without having to build the infrastructure involved with acquiring," Dave Matter said. "Issuing banks and their networks can take advantage of benefits without investing in complexity."
- Time saving: "APIs enable companies to leverage their partners' expertise by using two or three APIs to build any sort of application," said T.M. Praveen. "APIs can enhance legacy infrastructures. Apple Pay integration can be as simple as downloading an SDK."
- Marketability: "MasterCard at one time only worked with big companies," Brien Buckman said. "APIs provide standardized documentation and a recipe list that enables MasterCard to work with many new types of customers." Buckman described the sharing economy and on-demand delivery services as "interesting verticals involving a lot of APIs." As an example, a courier service could use an API to find the closest courier in a given geographic area, prompting a notification to activate a dormant courier card or device.
- Scalability: Buckman further noted that the value proposition for API usage isn't just external. Many companies built APIs for their own consumption, then decided to share the API with the world. "Amazon Web Services is a perfect example of this trend," he said. "The company needed to create a logistics solution for their expanding database of SKUs; it needed to be flexible with the capacity to accommodate higher transaction volumes during high-peak holiday seasons." Amazon's internal model was so successful that the company created Amazon Web Services, an online hosted portal that enables other companies to outsource a range of database storage, analytics, application and deployment services.
Rules engines, best practices
APIs enable companies to build products quickly and efficiently by accessing a range of functionalities within a technology platform. Buckman said MasterCard's policy is to use data in an aggregated, anonymous way. "For example, we can identify popular establishments using spend data from people who patronize restaurants in a specific geography," he said.
Matter said APIs are designed to "delight engineers and be a pleasure to work with." He cited quality, ease-of-use and economic feasibility as key components of well-designed APIs. He also stated that "idempotency," in which the same inputs yield the same effects, is a benchmark of API testing, and most companies will stress test a product built around an API in a "sandbox environment" to ensure the product is ready for market.
The design process itself can be a delicate balance between a paint-by-numbers approach versus providing broad-brush suggestions, Matter added. "You don't want to go all the way to canned solutions," he said. "When you give tools to creative people, they can come up with interesting permutations."
PayPal gets wings, makes mobile play
Friday, July 24, 2015
U pon spinning off from parent company eBay Inc., PayPal Inc. declared it wants to be a dominant player in the mobile payments space. "Mobile technology is transforming payments, making it easier, safer and more affordable for people to move and manage their money than ever before," said PayPal President and Chief Executive Officer Dan Schulman in a July 20, 2015, statement. "As an independent company, we see tremendous opportunity for PayPal to expand our role as a champion for consumers and partner to merchants, and to help shape the industry as money becomes digital at an increasingly rapid pace."
PayPal, which re-listed on the NASDAQ exchange on July 20, was founded in 1999 to facilitate online payments. The company was listed on NASDAQ until October 2002, when it was acquired by the online auction giant eBay, for $1.5 billion. eBay has since helped to fund much of PayPal's market expansion. PayPal became involved directly in merchant services in 2004 with the launch of the iTunes Store; eight years later, in May 2012, it began supporting in-store payments with PayPal Here. In 2006, PayPal introduced its support for mobile payments using SMS technology. Soon after, it received a banking license from Luxemburg.
More recently, eBay purchased four companies with mobile payment capabilities to bolster PayPal in preparation for its spinoff. The four are: Venmo, a licensed money transmitter; Braintree, an online merchant acquiring firm that had previously owned Venmo; digital remittance company Xoom Corp.; and Paydiant Inc., a cloud-based mobile wallet platform.
Meanwhile, immediately following its return to NASDAQ trading, PayPal heralded a deal with TransferTo, which specializes in mobile prepaid top-ups. The arrangement allows Canadians to pay for mobile airtime using their PayPal accounts.
Discussing the newly independent PayPal in a post on the online investment research platform Seeking Alpha, LN Investors, an independent investor, stated PayPal was ready to expand in the mobile payments space. Describing the recent acquisitions, LN wrote, "With this kind of firepower, I'd say the competition had better watch out for an unleashed Pay Pal."
In a call with analysts, Visa Inc. CEO Charlie Scharf said he isn't concerned about PayPal posing a competitive threat. "[W]e actually don't spend a lot of time thinking about what PayPal is doing," he said. Scharf also noted that PayPal relies on Visa processing rails for a large number of the payments it handles
Strong balance sheet, analysts impressed
PayPal begins anew as a public company with a strong balance sheet – "more than $6.5 billion in cash, and no debt," Patrick Dupuis, PayPal's Chief Financial Officer noted in a statement. "Globally, PayPal processed more than $250 billion worth of payments in the last 12 months and more than 4 billion transactions for customers in 203 markets last year," he said. Included in those 4 billion transactions were $46 billion in mobile payments, Dupuis said. In all, PayPal generated $8 billion in revenues for eBay last year.
Analysts are generally positive about the prospects for an independent PayPal, which closed on its first day of trading, July 20, at $41.30 and has since slipped to about $37. "The company has a big head start over its [mobile] wallet competitors in terms of trust and online acceptance, which should allow it to benefit from the rapid growth of digital payments over the near term," analysts at Morningstar Equity Research wrote in a report released on July 20. The report noted ample opportunities for global growth.
Jim Sinegal, a Morningstar analyst and primary author of the report, said the spinoff positions PayPal well to woo merchants looking for new acquiring partners. "So many merchants compete with eBay (Amazon, too, for that matter) there's been a reluctance to use these firms for payment services," he said. Sinegal also noted that Paydiant already runs several payment-driven payment platforms, most notably CurrentC, the mobile platform backed by leading merchants through an organization known as the Merchant Customer Exchange.
Bitcoin exchanges gain traction, dodge VAT
Tuesday, July 21, 2015
T he European Union's Court of Justice Advocate exempted bitcoin trading from Europe's value-added tax (VAT). The Luxembourg-based tribunal heard arguments from Estonia, Germany and Sweden before reaching the July 16, 2015, decision. These parties and the European Banking Authority had petitioned the court for guidance on taxing digital currencies.
In the absence of an English trial transcript, analysts used Google translation tools to review the ruling. They concluded that European authorities could find no legal precedent for taxing digital exchange conversions between digital money and fiat currencies. The ruling stipulates that digital currency products are created outside of the traditional banking system and therefore not subject to the same rules as fiat currencies. The ruling further instructs European member states to render all virtual currency transactions tax exempt including "payments, transfers, debts, checks and other negotiable instruments, but excluding debt collection."
This action is a big win for Swedish entrepreneur David Hedqvist who wanted to sell bitcoins on his website and initially asked Swedish tax authorities to clarify bitcoin's taxable status. This matter and similar cases in Estonia and Germany were escalated to the EU when regional authorities in their respective member states failed to adequately define taxation parameters.
US, Europe outpaced in bitcoin adoption
Financial analysts expect the ruling to advance bitcoin adoption throughout the EU. Analysts and digital currency stakeholders anticipate that growing awareness of bitcoin's tax exempt status, combined with growing acceptance of bitcoin and other digital currencies at online and brick-and-mortar establishments, will create a tipping point for consumers and merchants.
Jack Jia, Operations Manager at San Francisco-based Snapcard has seen digital currency acceptance vary by region. Emerging economies have been faster than developed nations to adopt bitcoin and digital currencies, he stated.
"Credit cards are popular in the U.S., where consumers get points, rewards and cash back," he said. "But in developing countries like Argentina and Brazil, where currencies have been devalued against the dollar, consumers find it useful to have a democratized currency that is essentially free and supported by everyone."
Blockchain: beyond payments
While digital currencies are a relatively new phenomenon, there is evidence of potential use cases for these technologies beyond the payments ecosystem. Here are several examples:
- Investment products: Jia noted that bitcoin and digital currencies are viable stored value products that investors can use as a hedge against institutional risk. "It makes sense to have bitcoin as an asset class in a diversified investment portfolio," he added.
- Cross-border payments: Digital currencies are an efficient mechanism for cross-border payments. "Big enterprises operating at a global level can send mass payments using bitcoin as a rail," Jia said. "Cross-border transfers bypass the banking system and deliver money in local currency."
- Intellectual property registration: Melanie Swan, author of Blockchain: Blueprint for a new economy suggested there are other use cases for the distributed ledger technology that underpins bitcoin and other digital currencies. "[A] standard algorithm is run over a file (any file) to compress it into a short 64-character code (called a hash) that is unique to that document," she wrote. "The hash is then included in a blockchain transaction, which adds the timestamp [which is] proof of that digital asset existing at that moment." Swan believes any digital asset, regardless of its size, could be registered in the blockchain, adding it to a public record and effectively protecting its intellectual property.
Mobile web driving digital currency
Dr. Irving Wladawsky-Berger, Chairman Emeritus at the IBM Academy of Technology, attributes growing adoption of digital currencies to the evolution of the Internet, which has transformed the way we communicate and conduct business day to day.
"Now we're in a major next stage in the evolution of the Internet with digital money, digital payment and digital identity," he said, noting the disparity between banks, which are "conservative by nature, reacting at their own rate and pace," and technology companies that "move at the rate and pace of technology."
The cultural clash between slow-moving financial industries and fast-moving technology and telecommunications companies has been exacerbated by "the great new world of crypto-currencies" and their new infrastructures such as blockchain. These digital currencies facilitate financial transactions and payments without a central banking authority. "Instead, the crypto-currencies use very sophisticated peer-to-peer protocols to handle their transactions in very different ways," he stated.
Wladawsky-Berger also noted that bitcoin is the most famous crypto-currency; its standardized protocols and open source implementation make it widely accessible. However, bitcoin is "only one of hundreds of such digital currencies that are being invented all over the world," he said. "The rise of mobile devices, smart phones and the mobile Internet has created an explosion of Internet-connected phones [that] has spurred massive innovation in the ways in which we handle payments, all centered in the way we handle mobile currencies."
CFPB urges faster, safer consumer payments
Friday, July 17, 2015
F aster payments are fine so long as consumers don't become short changed by the process. That's the latest pronouncement from of the Consumer Financial Protection Bureau, which has just published a set of principles it wants to see new systems built around.
"Companies developing new financial technologies should be building systems from the outset with consumer protections in mind," CFPB Director Richard Cordray said upon publication of the guidelines. "It is a lot easier to build something right from the start than it is to retrofit it." He added that the agency "will continue our work to help ensure that financial services marketplaces are safe and transparent for consumers."
The CFPB is a quasi-independent federal agency charged with enforcing consumer financial protection laws. Created under the 2010 Dodd-Frank Act, the CFPB has been highly controversial, and several actions undertaken by the agency have direct consequences for payment companies.
A proposal now pending before the agency, for example, would extend to prepaid cards consumer protections that apply now to debit and credit cards. The agency also has underway reviews of credit card company practices and mobile financial services. And it has taken payment processors to task for accepting business from fraud it has taken down (see "CFPB sues ISOs, acquirer over client scams," The Green Sheet, April 27, 2015, issue 15:04:02).
In a speech to The Clearing House in November 2014, Cordray hinted that something like the new guidelines were coming. "[W]e have concerns that electronic payment systems can be misused to victimize consumers unless banks and the system administrators work to police and enforce safeguards," he said. "We must shine a light on the murkier corners of electronic payment systems and related practices, and we must be vigilant about preserving consumer protections."
Several initiatives are underway to promote faster payments. NACHA – The Electronic Payments Association adopted rules to support same-day settlement of automated clearing house (ACH) payments. Two new settlement windows are being added to the ACH network's schedule to accommodate same-day payments. (A batch processing network, the ACH has historically operated on a next-day settlement schedule.)
Meanwhile, the Federal Reserve has been working with various stakeholders (financial institutions, technology companies and other regulators) to encourage improvements in the speed and safety of payments. And The Clearing House – a New York-based consortium that operates the largest and oldest private-sector check and ACH clearing operations in the country – embarked upon a multiyear effort to build a new real-time payment system for consumer and business transactions.
In Consumer Protection Principles: CFPB's Vision of Consumer Protection in New Faster Payment Systems, published July 9, 2015, the CFPB voiced general support for faster payments but insisted consumers must "remain top of mind" throughout the development and implementation of new systems.
"In publishing these Principles, we are not specifying how they must be achieved," the bureau wrote. "Rather we recognize that a variety of system components, including system architecture, operator covenants and warranties, and requirements for participants and intermediaries, rules and other mechanisms may play critical roles in providing consumer protection, utility and value."
Here's what the CFPB wants to see with all new, faster payment systems.
- Consumer control over payments, including procedures for easy revocation of authorizations.
- Consumer control over how and when their financial data gets shared, and with whom.
- Fraud and error resolution protections, including easy-to-use mechanisms for reversing erroneous and unauthorized transactions.
- Transparency in terms of costs, risk, funds availability and security of payments.
- Affordability, with fees disclosed clearly and in a manner that supports comparative shopping.
- Broad access for all consumers, banked and unbanked, alike.
- Faster guaranteed access to funds, which should result in fewer overdrafts and non-sufficient funds situations.
- Strong, built-in protections to detect and limit errors, unauthorized transactions, fraud and data breaches.
- Strong accountability mechanisms and monitoring systems that protect against misuse.
The Clearing House issued a statement on July saying it was on board with the CFPB's desired outcomes. "Protecting consumers' hard earned money and providing them a safe and efficient way to transfer funds is at the core of what banks have done for centuries," said Jim Aramanda, President and Chief Executive Officer of The Clearing House.
PCI SSC revamps P2PE, device standards
Thursday, July 16, 2015
A fter thorough review and input from payments industry stakeholders, the PCI Security Standards Council (PCI SSC) recently released a comprehensive update to its encryption standard as documented in PCI Point-to-Point Encryption Solution Requirements and Testing Procedures Version 2.0.
The updated standard provides greater flexibility to solutions providers and to entities that offer components that can be integrated into P2PE-validated solutions. The PCI SSC categorizes elements within the latest standard by P2PE solutions, software applications, component providers and solution providers.
The PCI SSC acknowledged the natural learning curve that took place after introducing the original standard. "What we didn't consider in version 1 is that we were thinking that the solutions provider would also be the entity or the organization that would decrypt," said Troy Leach, Chief Technology Officer at the PCI SSC. "What we've learned over the course of several years is that there are scenarios where you would have a service provider that is only responsible for decrypting cardholder information."
With P2PE v2, merchants also have greater control over encryption programs. According to the PCI SSC, large merchants can now implement and manage their own P2PE solutions for various POS locations, securely separating duties, systems and functions between the merchant encryption and decryption environments. Or merchants can work with a third party to manage PCI P2PE solutions for them.
Ruston Miles, founder and Chief Innovation Officer at Bluefin Payment Systems, one of the first companies to receive P2PE validation, said, "With version 2.0, PCI has made the development and implementation of P2PE solutions easier. Now solutions providers and merchants can simply choose from individually validated components to build and manage their own P2PE solutions." Another benefit is that it creates a new market for vendors.
Bluefin Chief Executive Officer John Perry noted that the standard is "recognition of P2PE's critical role in a 'secure-all-channels' approach to data security" and that in conjunction with Europay, MasterCard and Visa chip card and tokenization technology, P2PE offers "the protection that American consumers deserve."
Devices get security boost
The PCI SSC also released an updated version of the PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements. This standard applies to POI device manufacturers; the devices include ATMs, unattended kiosks, mobile dongles and POS devices.
"As we see increasing attacks on ATMs and at the POS, it's critical to ensure the highest level of security at the device level," said the PCI SSC's Leach. Changes introduced in PTS POI version 4.1 include the addition of a new Core Module section that addresses configuration and maintenance procedures, as well as the addition of testing requirements to validate compliance.
For more information about these and other PCI SSC standard updates, visit www.pcisecuritystandards.org .
View prior breaking news