GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Light alleviating a dark decline

News

Industry Update

Legislative outlook: Interchange bills less likely than ID fraud rules

First Data's composite security system - a game changer?

TSYS, FNBO enter joint venture

Trade Association News

Features

GS Advisory Board:
Positive economic signs and actions - Part 1

Online banking in Canada:
What happens next?

Joseph Iuso
UseMyServices Inc.

Research Rundown

Selling Prepaid

Prepaid in brief

Win-win scenarios abound at Prepaid Expo

Views

Are banks losing grip on payments?

Patti Murphy
The Takoma Group

Dial or smile

Justin Milmeister
Elite Merchant Solutions

Payments industry issues:
First quarter 2010

Brandes Elitch
CrossCheck Inc.

Education

Street SmartsSM:
Parting thoughts for readers

Jon Perry and Vanessa Lang
Merchant Services Inc., Texas

Police warn of new skimming devices

Nicholas Cucci
Network Merchants Inc.

Ripples on the mobile Web

Dale S. Laszig
Castles Technology Co. Ltd.

Digging into PCI - Part 9:
Restrict physical access to cardholder data

Tim Cranny
Panoptic Security Inc.

Company Profile

Retail Decisions Inc.

New Products

A mobile payments bundle

MerchantWARE Mobile
Company: Merchant Warehouse

Statistical analysis of prepaid

The Stats Tool
Company: Stanton Consultancy Ltd.

Inspiration

Unleash the power of networking

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

March 22, 2010  •  Issue 10:03:02

previous next

Payments industry issues:
First quarter 2010

By Brandes Elitch

It seems change is coming faster and faster, as every month brings new issues to the fore in the payments industry. This article discusses a few of them, starting with the Credit Card Accountability, Responsibility and Disclosure Act of 2009 (the Credit CARD Act), which went into effect Feb. 22, 2010.

The Credit CARD Act

The new act makes the credit card business less profitable, but also less risky. It prohibits banks from raising rates or fees quickly, and if they do, gives consumers more time to opt out of agreements and more time to pay off their balances.

Large issuers traditionally found the card business generated four times the return on assets as did the traditional lending business, but in their scramble to subsidize frequent flyer programs and combat attrition, they went further and further down the credit ladder, getting themselves into the current unpleasantness.

In 2009, credit cards provided $23 billion in fees. In the last year, interest rates have climbed dramatically and now average over 14 percent, according to CreditCards.com.

Losses and delinquencies have gone up dramatically - just look at Bank of America Corp. Last year it collected $20 billion in interest and another $9 billion in fees from 40 million credit card customers and still lost $5.6 billion because of bad debt provisioning and chargeoffs.

Possible reasons for this are poor management or a severely flawed business model, or both. BofA said the CARD Act will cost it up to $800 million in ongoing revenue. Citibank Corp. said it will lose from $400 million to $600 million as a result of the act. JPMorgan Chase & Co. quoted a similar number.

But this isn't the real problem. Two large shifts will affect not just issuing banks, but ISOs as well. First, consumers are paying off credit card debt with a vengeance (revolving credit declined 20 percent last November, the largest drop in history.) ISOs have traditionally relied on interchange from credit card transactions to pay the freight.

Second, consumers are replacing credit with debit; this will lower the interchange income, which is the mainstay of the ISO revenue stream.

Authentication and data management

Many consumers are renegotiating their debt rather than filing for bankruptcy. A while back, three of the five largest collection agencies (including legal giant Wolpoff & Abramson LLP) started Mann Bracken LLP in Maryland to handle this business.

Here is the lead sentence to a Jan. 15, 2010, PaymentsSource article by Darren Waggoner: "An estimated 20,000 to 25,000 collection lawsuits filed in Maryland will be dismissed as a result of the collapse of legal collection giant Mann Bracken LLP, the Maryland District Court Chief Judge Ben Clyburn's office confirmed."

The judge stated that while some dismissed cases could be refiled, it was not fair to leave the current cases pending because Mann Bracken "has been irresponsible." Mann Bracken could not provide any phone, computer, staffing or support when it closed its doors. Can you imagine a court dismissing 25,000 lawsuits - and how much work went into each one?

This speaks to multiple issues, one of which is the ability to provide a safe haven for financial transactions and a secure permanent archive for the information surrounding them. A void exists in this space, offering an opportunity for a solution (I'm already working on it).

Even more basic is the concept of designing the right authentication protocol for financial transactions. Here, the most recent news was an article about Visa Inc.'s Verified by Visa written by Steven Murdoch and Ross Anderson of the University of Cambridge Computer Lab.

I have always thought this product was flawed, but I was focusing on the business case. These authors believe it is "fundamentally flawed" from a security standpoint; it is "a textbook example of how not to design an authentication protocol. ... It ignores good design principles and has significant vulnerabilities, some of which are already being exploited."

The authors wrote that the Verified by Visa protocol 3-D Secure (3DS) "has lousy technology ... the main problem is that the system trains shoppers in bad habits.

There's no visual verification for the buyer that their password is being protected." (It is vulnerable to phishing, and the password activation process is flawed, as only poor authenticators are used, such as birth date.)

"3DS ignores other lessons learnt from earlier systems," they stated. "The result is that customers receive little benefit in security, while suffering a huge increase in their liability for fraud. They are also trained in unsafe behavior online. Verified by Visa trains cardholders to enter ATM PINs at terminals in shops; training them to enter PINs at random e-commerce sites is just grossly negligent."

If you want to pay with a debit card rather than a credit card, this is important, because you cannot pay with a debit card online unless you can swipe the card and have triple DES encryption. The authors concluded that regulators are needed "to intervene on behalf of the consumer and to make secure electronic signatures compulsory."

As always, there is another side: 3DS has hundreds of millions of accounts, so Visa got the economics right; could it be that this was Visa's focus all along?

Retail payments

I encourage you to sign up for the Retail Systems Research LLC newsletter (www.retailsystemsresearch.com). Most ISOs serve the retail sector, and to be successful you must understand the present retail environment and anticipate the future one - what an impossible task!

In RSR's Feb. 23 issue, Managing Partner Paula Rosenblum wrote about designing technology for agility. "Our technology infrastructures really do have to become extensible," she stated. "The 'hairball' legacy architectures most of us have will not serve - nor will any architecture that imposes serious inhibitors on change and evolution. We have to remember that we don't know what we don't know ... and build for it.

"I'm not sure we'll have time to make standards for these new technologies that come along. Instead, we'll have to adjust to them, rather than them adjusting to us. That's scary, but it's actually really, really cool. And scary or not, it's the way it is. We live in very interesting times."

Right now, retailers are grappling with the sales and loyalty opportunities connected with social networking; one retailer reported a 10 percent sales increase just from user generated content. Remember, retailers need to take any form of payment consumers want to tender. There will be many new developments in this space over the next year. As an ISO, you must be up to speed on all of them.

The Fairchild way of company building

ISOs are entrepreneurial; many people running them have built their own companies. Until now, there has been no effort to chronicle the history of the ISO industry, but it would be an interesting story. (Anybody want to help me do it?)

Consider the computer industry. It wasn't until 1996 that a Computer History Museum was established in Silicon Valley (that area around Stanford University in Palo Alto where it all started about 40 years earlier).

According to the museum, it is "the world's largest and most significant history museum for preserving and presenting the computing revolution and its impact on the human experience. Its collection comprises over 13,000 objects, 20,000 images, 5,000 moving images, 4,000 linear feed of cataloged documentation, and 5,000 titles or several hundred gigabytes of software."

All this got its start in 1957, when eight young engineers, called the "Traitorous Eight," abandoned William Shockley's semiconductor firm en masse and formed Fairchild Semiconductor Corp. (Shockley won the Nobel Prize in Physics in 1956.) Among the eight were Gordon Moore (Moore's Law); Robert Noyce, the co-inventor of the integrated circuit; and Jean Hoerni, the inventor of the silicon process.

Fairchild spawned more than 66 Silicon Valley companies, including Intel Corp., Advanced Micro Devices Inc. and National Semiconductor Corp. Fairchild invented the Planar Process in 1959, which revolutionized the production of semiconductor devices and enabled the production of today's microprocessor and memory chips.

The firm was overtaken in the market by competitors (managed by its cadre of ex-Fairchild employees) and was absorbed into National Semiconductor in 1987 before being spun off as an independent company.

Fairchild can stand as a model to be emulated by any ISO. You might think it is in an altogether different space from ISOs, but you would be wrong. Just like Moore predicted at the inception of Fairchild, in the payments space device complexity is increasing at a consistent rate and will continue to do so into the future.

Fairchild hired an ex-IBM engineer to establish a digital systems department for new applications (to take the firm beyond its traditional base of military and aerospace customers). ISO owners who want to survive the next 10 years had better think hard about what new kinds of customers and applications they will need to serve.

Building an ISO is not just about signing accounts and then selling them to an account buyer. It is about building a sustainable competitive advantage, having a unique selling proposition, knowing how to sell and adding real value to your customers. In a rapidly changing environment, Fairchild knew how to do this - do you?

Brandes Elitch, Director of Partner Acquisition for CrossCheck Inc., has been a cash management practitioner for several Fortune 500 companies, sold cash management services for major banks and served as a consultant to bankcard acquirers. A Certified Cash Manager and Accredited ACH Professional, Brandes has a Master's in Business Administration from New York University and a Juris Doctor from Santa Clara University. He can be reached at brandese@cross-check.com.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Super G Capital LLC | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems