Updated: Tuesday, July 22, 2014
Acquisition fuels cross-border e-commerce
London-based e-commerce payment firm Optimal Payments Plc agreed to acquire Los Angeles-based ISO TK Global Partners LP (doing business as Meritus Payment Solutions) in a $210 million transaction. The proposed acquisition, which is expected to close in the third quarter of 2014, is seen by Optimal and Meritus as a way to expand their e-commerce footprints stateside and overseas, respectively.
Optimal has an extensive portfolio concentrated primarily in the U.K., Canada and Europe, with one emphasis on legal online gambling in those markets. Meritus services small to midsize e-commerce businesses in the United States. Thus, the purchase gives Optimal a stronger foothold in the U.S. market, while Meritus will be able to leverage Optimal's payments suite to allow its U.S.-based merchants to reach new international customers.
In a statement, Optimal Payments President and Chief Executive Officer Joel Leonoff noted that the U.S. market represents the biggest expansion opportunity for Optimal. "After careful evaluation of a number of potential candidates, Meritus stood out as the perfect choice on all fronts," he said. "The company's strong stakeholder relationships, multi-channel sales force, established presence with small and medium businesses in the U.S. and entrepreneurial spirit makes them an ideal acquisition for us."
Meanwhile, Meritus Principal and cofounder Alan Kleinman added that the acquisition will allow the ISO to meet its strategic expansion goals as well. "Optimal Payments offers our employees, merchants and business partners the experience, global infrastructure and product offering to achieve the scale required in today's payments market," he said.
Dani Chafinoff, Chief Operating Officer at Optimal Payments, told The Green Sheet that Optimal intends to maintain the Meritus brand. "We have a lot of confidence and a lot of respect for what Meritus has done," he stated. "And we think that they have an incredibly strong brand recognition from their existing base, both from an agent perspective as well as just from the market in general. So the intent is to work very closely together to maintain our respective brands and find ways of taking advantage of the reach that Optimal has that Meritus doesn't yet have."
Payments without borders
Optimal has also agreed to purchase another Los Angeles-based, e-commerce-focused ISO – Global Merchant Advisors Inc. – for $15 million. Together, the two acquisitions will add over 8,000 U.S. small and midsize businesses to Optimal's portfolio.
Chafinoff noted that Optimal has had more success in Europe and Canada than in the United States. "We needed the right partner to properly penetrate the U.S. marketplace from a sales perspective and dealing with ISOs and agents," he said.
That is essentially the same scenario for Meritus, only in reverse. "We've been really focused in the U.S., and now we have the ability to have our sales partners access not only Canada but Europe," Kleinman said.
Kleinman added that Meritus' merchants had been asking for a way to accept international payments, and Optimal provides Meritus the tools to do just that. "Both Optimal and ourselves really focus in the card-not-present world," he said. "There are no physical boundaries to where our clients operate. And so with that, having a single solution that enables these merchants to process throughout the world is very powerful."
Chafinoff agreed. "What happens typically and traditionally from an e-commerce perspective is that merchants just don't necessarily want to service just an individual geography or niche," he said. "They want to be able to go global and have local acquiring and local payment processing in the various communities in which they operate."
Unlike brick-and-mortar merchants, e-commerce businesses are not hampered by restrictions imposed on them by physical geographies. "In that regard, the more countries, or the more jurisdictions that you can offer local payment processing for and the more products and services you can provide, you can be a one-stop shop for their payment and risk management requirements," Chafinoff said.
Place your bets
Optimal operates the Neteller e-wallet, which is reportedly used by consumers in over 180 countries. The virtual wallet is integrated into online gambling sites, allowing horse race enthusiasts and gamblers in games of chance, for instance, to bet online. Meritus does not operate in the relatively small online gambling market in the United States. But, by acquiring the California-based ISO, Optimal gains a strategic foothold in a state that may eventually legalize online gambling.
The United States is governed by the Unlawful Internet Gambling Enforcement Act, which passed into law in 2006. It seeks to cut off the flow of revenue to illegal Internet gambling businesses by prohibiting U.S. banks and processors from facilitating online gambling transactions.
However, Doug Lewin, Executive Vice President at Optimal, said the UIGEA allows for individual states to offer online gambling to their residents. Nevada, New Jersey and Delaware already allow for it, with more populated states like California and New York hopefully following suit, Lewin added.
Development of online gambling has been a "slower process than if the United States passed one federal bill, but our sense is that over time many states will legalize and regulate online gaming," Lewin said.
Kleinman pointed out that Optimal is more than just an online gambling processor. "And that's what really excites us," he said. "So whether it's gaming transactions or e-commerce transactions, they work with a number of the big brands out there, in some of the regions of Canada and Europe. So our ability to access their infrastructure and product offering really enables us to provide a more well-rounded suite of products to the ISO, MLS community."
"It's very exciting for both teams," Chafinoff said. "Both teams have proven track records and are very dynamic and enthusiastic about what we can do together. Like we said, it's about the geographical reach. It's about the product offering. And it's taking advantage of a situation where one plus one can equal much more than two."
ETA seeks Operation Choke Point petition signatures
Thursday, July 17, 2014
On Friday, July 18, the Electronic Transactions Association will submit the first round of signatures gathered in a petition advising Congress to curtail the federal law enforcement initiative Operation Choke Point. The initiative holds payments companies responsible for merchant fraud. Members of the payments industry are encouraged to sign the ETA petition by visiting https://www.change.org/petitions/u-s-house-of-representatives-tell-congress-operation-choke-point-is-choking-off-legitimate-commerce .
In early 2013, the Department of Justice launched what became known as Operation Choke Point, representing an expansive investigation of banks and payment processors, with the objective of combating fraud by choking out fraudulent merchants' access to payment systems.
"Although well intentioned, the federal agencies supporting Operation Choke Point are aiming in the wrong direction," said Jason Oxman, Chief Executive Officer of the ETA. "By targeting payments companies instead of fraudulent merchants, the Financial Fraud Enforcement Task Force is ignoring the payments industry's massive efforts to identify and eliminate fraud."
This week four congressional hearings were held to discuss concerns over Operation Choke Point, the last one July 17. The ETA testified in the July 17 hearing before the House Judiciary Subcommittee on Regulatory Reform. This will be detailed further in an upcoming article in The Green Sheet.
In-app billing at issue, again
Tuesday, July 15, 2014
The Federal Trade Commission alleged that Amazon.com unlawfully billed parents to the tune of millions of dollars for the in-app purchases of their children. The complaint follows a similar FTC action against Apple Inc. earlier this year in which the tech giant agreed to reimburse parents for charges incurred by their children via the lucrative mobile app ecosystem.
In the July 10, 2014, complaint, the FTC charged that the online mega retailer violated the FTC Act by billing parents and other Amazon accountholders for the usually small-dollar in-app purchases made by their children without the permission of parents or other accountholders. "Amazon’s setup allowed children playing these kids’ games to spend unlimited amounts of money to pay for virtual items within the apps such as 'coins,' 'stars,' and 'acorns' without parental involvement," the FTC said.
The complaint stated that when Amazon introduced in-app payments via the Amazon Appstore in November 2011, no user authentication mechanism, such as passwords, was used by Amazon to ensure the proper accountholders were conducting in-app transactions, including transactions for games and other apps that appeal to children. The FTC said this lack of authentication resulted in parents having to "foot the bill for charges they didn’t authorize."
The FTC noted that children’s games, like "Ice Age Village," blur the line of "what costs virtual currency and what costs real money" for gamers. In the case of "Ice Age Village," gamers can collect "acorns" as part of advancement through the game. However, gamers can also use an electronic payment account to purchase additional “coins” and “acorns” via an in-app screen "visually similar to the one that has no real-money charge," the FTC said.
House on fire?
The FTC also furnished internal communications among Amazon employees beginning in December 2011 that suggest Amazon knew the lack of authentication controls was problematic. The FTC quoted from one communication as saying that allowing unlimited in-app charges without password protection would negatively impact a large percentage of Amazon customers.
The complaint reported that Amazon updated its in-app payment system in March 2012 to require accountholders to enter passwords for in-app purchases, but only for charges over $20. The FTC stated that Amazon continued to allow for unlimited in-app purchases under $20, which permitted children to charge their parents' accounts without first getting parental approval.
The FTC disclosed one Amazon employee communication that stated it is "much easier to get upset about Amazon letting your child purchase a $99 product without any password protection than a $20 product." (According to the FTC, the largest in-app purchase amount allowed by Amazon is $99.99.)
The FTC cited instances where, via internal emails, Amazon employees characterized the gaps of in-app user authentication as creating a "house on fire" situation. It was only in June 2014, as the FTC was forming its complaint against Amazon, that the e-commerce giant modified its in-app policy so that Amazon had to obtain accountholders’ informed consent for in-app charges on newer Kindle Fire mobile devices.
Bobbing for 'app'-les
In January 2014, Apple settled with the FTC over a similar issue. Apple agreed to refund a minimum of $32.5 million to consumers who had been charged for the unauthorized in-app payment activity of their children.
The FTC alleged Apple violated the FTC Act by undermining parental control. The commission said Apple failed to inform parents that by entering a password they were approving not only a single in-app purchase but also 15 minutes of additional unlimited purchases their children could make without further action taken by parents.
According to the FTC, Apple often presented a screen with a prompt for parents to enter passwords for their children without explaining to accountholders that password entry finalized all in-app purchases. The commission said one consumer reported that her child had spent $2,600 in the app “Tap Pet Hotel,” while other consumers reported unauthorized purchases by children totaling over $500 in the apps “Dragon Story” and “Tiny Zoo Friends.”
AmEx defends merchant pricing in court
Friday, July 11, 2014
The American Express Co., long criticized for the high fees it charges merchants who accept AmEx cards, is now defending those fees, along with its anti-steering rules, in U.S. District Court in New York. The case, which a judge began hearing on July 7, 2014, is all that remains of a massive anti-trust suit filed in 2010 by the U.S. Department of Justice and several state attorneys general challenging AmEx, MasterCard Worldwide and Visa Inc. rules banning merchants from "steering customers" to less costly payment options.
MasterCard and Visa almost immediately reached multibillion-dollar out-of-court settlements with the DOJ and the states; AmEx did not. The DOJ contends that AmEx's no-steering rules are anti-competitive because AmEx cards are too important for some merchants (especially those in travel and entertainment) not to accept. "AmEx's rules have plain anti-competitive effects: they restrain the price competition that would otherwise discipline card networks from charging merchants higher fees – fees that merchants' customers ultimately pay as higher retail prices," Justice Department lawyers explained in a pretrial memorandum.
AmEx countered that with over 53 million cards in consumers' wallets, its market share is minor and that the fees it charges are necessary to recoup costs such as fraud control and cardholder rewards. The card company added that most AmEx cardholders typically carry other cards – notably MasterCard and Visa cards – that they can just as easily use to pay for purchases. It just doesn't want merchants encouraging customers to use those other cards in lieu of AmEx cards. AmEx does allow merchants to negotiate surcharging authority, but they must also surcharge MasterCard and Visa card payments.
AmEx also believes it should not be held to the same standards as MasterCard and Visa because, unlike those brands, it must sell both merchants and their customers on using AmEx cards.
DOJ's point of view
"While it is certainly true that card networks need both cardholders and merchants, there is no precedent to support AmEx's position that plainly anti-competitive practices harming merchants – and ultimately tens of millions of their customers (including those who pay with other credit cards, debit cards, checks or cash) – can be excused because AmEx rewards a fraction of those customers (i.e., its cardholders) with some of the bounty that AmEx reaps from avoiding price competition," the DOJ stated in its pretrial memorandum.
The DOJ further challenged AmEx's assertions by producing AmEx documents detailing pricing negotiations with several major airlines. Those documents, dating back to 2008, described AmEx's shares of various airlines' corporate charge volume as being at or near 60 percent. They also describe proprietary research indicating that 86 percent of AmEx cardholders will not fly on airlines that don't accept AmEx plastic.
The presentation of evidence and legal arguments is expected to take at least two months, according to published reports. The judge in the case could reach a decision by year end.
HCE payments face security, end-user hurdles
Tuesday, July 8, 2014
Host card emulation (HCE) technology is considered a promising new mobile payment scheme because it facilitates in-store contactless payments without transactions having to pass through the costly real estate of the secure element (SE) embedded in smart devices. But a recent SIMalliance Ltd. white paper details limitations of HCE, including lack of security and the very practical shortcoming that if an end user's mobile device runs out of battery life, the HCE-enabled transaction cannot be completed.
In Secure Element Deployment & Host Card Emulation v1.0, the London-based mobile payments association SIMalliance explained that HCE is beneficial for the near field communication (NFC) ecosystem as a whole because it encourages end-user adoption and developers writing NFC-based applications. However, HCE's main advantage, that it circumvents the SE controlled by the mobile communication firms, also means that HCE transactions do not benefit from the same level of security provided by the SE.
SE versus HCE
Like payments that flow through the SE, HCE relies on NFC communication between smart devices and POS terminals. But, unlike the hardware-based security of the SE, the HCE scheme bypasses the SE in favor of the cloud, where payment credentials are stored but are more vulnerable to cyber theft.
SIMalliance said, "HCE does not provide any specific hardware- or software-based security services; it behaves just like any other Android application and does not, therefore, offer the same level of security as conventional contactless smart card applications."
Because of this security limitation, and other drawbacks, HCE is currently best employed in lower-value environments, such as for closed-loop gift cards, where sensitive customer data is not at risk, SIMalliance added. Consequently, the association holds that schemes such as open-loop payments, where credit and debit cards (and their associated account details) are employed, should be off limits to HCE.
"HCE is best suited to use cases where the user's stored credentials are of low value and where the emulated NFC application is not based on direct implementation of a current, pre-existing card application," SIMalliance said.
HCE and Android
In October 2013, Google added HCE functionality to its latest version of the Android operating system, called KitKat. SIMalliance pointed out that Android is the most attacked mobile environment to date, and by a substantial margin. SIMalliance cited the Cisco 2013 Annual Security Report as saying that 99 percent of all malware is aimed at Android.
SIMalliance also noted research from McAfee Labs that said, "Threats against other mobile operating systems, including Apple's iOS, are insignificant compared with malicious Android apps." That report added that in the third quarter of 2013, Android was the target of over 680,000 malware applications, a number which had grown by one third over the previous quarter.
This vulnerability to fraud is not shared by SE-based applications. "[T]here are no demonstrated instances of unauthorized access to, or duplication of, the sensitive data stored in a SE," SIMalliance said.
Power pitfalls of HCE
Other HCE shortcomings apparently exist. HCE payments that rely on the cloud also depend on the reliability of the networks used to reach it. "An NFC transaction requiring back and forth exchanges with its corresponding IT system in the cloud, for example, will bring a critical dependence on the quality of the mobile network coverage or in-store Wi-Fi speeds, either of which could negatively impact transaction times at the point of sale," SIMalliance stated.
And what about consumers' concern about making payments with smart devices when battery life is low? In the case of HCE, the smart device relies on its own power to facilitate transactions, according to SIMalliance. If the device's battery is sufficiently drained, the payment cannot be made.
But SE-based payments are evidently a different story, as contactless readers or POS terminals can complete transactions even if mobile devices are turned off or batteries are low. "This SE functionality, known as 'low power mode,' means that a user can still rely on their device as a payment instrument even when it is otherwise unusable," the alliance said. "This feature has clear and far reaching implications for end-user convenience."
It is another pitfall of HCE that, as a software solution, its workability is dependent on the functioning of an entire ecosystem. "The fact that HCE is not a standalone piece of hardware but it is an integrated component in the Android OS (together, potentially, with other OSs in the future) is a serious challenge," SIMalliance said.