Retail Payments Risk Forum
Font Size: A A A

Portals and Rails

August 11, 2014

Improving Mobile Security with Biometrics

During the last year, the release of two smartphones with fingerprint readers by two different manufacturers was met with a lot of excitement. People in the payments industry were keen on the ability of the new phones to better authenticate mobile payments. Fingerprints are one of several biometric methods used today to supplement passwords.

Fingerprint

Biometrics refers to techniques that use measurable physical characteristics that lend themselves to automated checking techniques. In addition to fingerprints and vein recognition, biometrics can include voice, facial, and iris recognition, and even DNA matching, among others.

As the Federal Reserve's report Consumers and Mobile Financial Services 2014 noted, consumers' security concerns are a big barrier to the adoption of mobile banking. Mobile proponents believe this barrier can be reduced with the additional security features that mobile phones can provide, along with consumer education. There is no question that the mobile phone offers a number of ways to authenticate the user more positively, using both overt and covert methods. One well-known covert option is the smartphone's geolocation function, which allows verification that the phone is in the location it's supposed to be. Another covert method is "device fingerprinting," whereby a number of digital characteristics about the consumer's phone can be captured and used to verify that the phone being used is the one originally registered.

The most common overt biometric methods being tested today are fingerprint and facial recognition. While only a small number of mobile phones in use today in the United States have fingerprint readers, the vast majority have a camera that could support a facial recognition application. Both of these biometric methods are minimally invasive.

The key difference between biometric verification and user ID and password verification creates the greatest challenge for implementing biometrics authentication: with passwords, unless there is a 100 percent match between the data on file and the data the user enters in trying to gain access, the request is automatically rejected. It may be the legitimate user trying to gain access but maybe he or she forgot the password. Nevertheless, the system rules block access until the user's identity can be authenticated through some other means. On the other hand, the nature of biometrics is such that a 100 percent match between the stored template value and the live template value is rare—possibly because of differences in lighting conditions or angles when biometric measurements are made, or differences between readers, or some other reason. To deal with this gap, the manager of each application has to determine an acceptable accuracy level for both false-positives (whereby a party incorrectly matched is authorized) and false-negatives (whereby the authentic party is denied access). Naturally, false-positives pose the greater threat. False-negatives generally just involve some level of inconvenience until the individual can be authenticated and provided access.

No matter what biometric authentication methodology a system uses, the most important step is validating each customer's biometrics upon enrollment in the program. We will discuss this issue and other challenges for biometric programs in future issues of Portals and Rails.

 

Photo of Douglas A. KingBy Dave Lott, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

August 11, 2014 in authentication, biometrics, innovation, mobile payments | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a511f452e8970c

Listed below are links to blogs that reference Improving Mobile Security with Biometrics:

Comments

Dave,
PKI based digital certificates can also be used to secure mobile devices and provide a far more reliable means of device ID than geolocation or device fingerprinting

Posted by: Doug Parr | August 19, 2014 at 08:48 AM

When considering usability of biometric authentication on a mobile phone, there is no more "minimally invasive" method than voice biometrics. These devices are first and foremost voice-enabled.

Posted by: Brian Moore | August 12, 2014 at 01:00 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

July 28, 2014

Where's the Mobile Payment?

I was a big fan of the '80s Wendy's commercials that featured an older woman uttering the phrase, "Where's the beef?" I recently found myself muttering something similar to myself: "Where's the mobile payment?" In early July, I came across the American Banker website headline "Six Fintech Startups That Wowed Bankers." The article highlighted six tech startups that recently pitched their financial products and services to executives from 15 of the largest banks at a one-day event. I was expecting to read about several mobile payment or mobile wallet startups, but surprisingly, none were mentioned.

According to the article's author, for a fintech startup to capture a banking executive's attention, it must address a need in the marketplace that few others are meeting. Could it be that the executives don't view mobile proximity payments as a customer need? I recently blogged about mobile payments fatigue and received some mixed feedback—but I heard little from our banking community readers. From a mobile payments perspective, they are extremely active in both person-to-person and bill payment initiatives. But outside of a few limited pilot programs, financial institutions have made little noise regarding mobile proximity payments or mobile wallets.

Given the prominent role financial institutions are playing in mobile payments through person-to-person and bill payments, why aren't they actively participating in proximity payments at retailers? Are they failing to meet the needs of their customers? According to the J.D. Power 2014 Retail Banking Study, customer satisfaction with banks is at an all-time high. And though the study found that some banks are falling short of meeting their customers' needs, the large banks covered in the survey experienced a significant rise in customer satisfaction scores, leading me to believe these banks are doing as good of a job as ever in listening to their customers and fulfilling their needs.

Is it possible that there isn't currently a driving consumer need for banks to deliver a mobile proximity payment or mobile wallet solution? My colleague Dave Lott suggested earlier this year that for mobile adoption to take place, the experience needs to follow Andy Grove's 10x rule and be 10 times better than what consumers are used to. What do you think it will take to catch the eyes of banking executives in the mobile proximity payments space?

Photo of Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

July 28, 2014 in innovation, mobile banking | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a511eb09ff970c

Listed below are links to blogs that reference Where's the Mobile Payment?:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

June 02, 2014

Mobile Payments Fatigue

When I was an elementary school-aged kid, I looked forward to coming home from school and grabbing an ice cold Coca-Cola and a snack before venturing out into the neighborhood to play. And while I can't remember the exact discussions I had with friends around the lunch table when I was that age, I do remember our anticipation of the launch of New Coke in 1985. And oh my, how much my friends and I were disappointed when our lips first met New Coke. My reaction, with most others, was that we wanted our "old" Coke back.

Fast forward nearly 30 years and now my lunch discussions often revolve around payments. Each day I am reminded of my New Coke experience via an e-mail or news article touting or predicting an explosion in mobile payments. I'll admit it—I'm getting mobile payments fatigue. The payments industry has been anticipating mobile payments for years now, yet I find the developments to date mostly disappointing. Sure, I've made plenty of payments using a mobile device to purchase digital goods or even to purchase physical goods in an online marketplace. But outside of a few experiences of purchasing coffee with a closed-loop solution, my mobile device stays in my pocket when I'm making a purchase at the point-of-sale (POS) as I take out my reliable cards or cash.

And that is where my New Coke analogy comes into play. To many people, nothing was wrong with Coca-Cola, yet the coolness of a new product created a great level of expectation—which turned to immense disappointment. At the POS, payments are relatively seamless, yet the newness of mobile payments creates great anticipation, only to end up being disappointing and leaving me thinking, "What's wrong with my current payment choices?"

So much attention on mobile is focused on replacing a current payment form at the POS—perhaps the most seamless piece of the commerce experience. Often in mobile payment discussions, I hear that mobile payments are a technology solution looking for a problem rather than trying to solve a problem. However, I think the industry is looking in the wrong place as the problem isn't with the payment. It's with the overall experience in and around the POS. I believe mobile devices have the ability to transform this experience, but it's not by replacing my cards or cash as a payment method. It's by replacing the entire commerce experience. Are you experiencing mobile payment fatigue? And if so, what will it take to energize you?

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

June 2, 2014 in emerging payments, innovation, mobile payments | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a3fd157164970b

Listed below are links to blogs that reference Mobile Payments Fatigue:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

May 12, 2014

The Art of Balancing Innovation and Regulation

Several factors have converged in recent years to add complexity to the regulatory oversight of retail payments. These elements include new regulation and oversight along with technology advances that have created new payment types. The challenge for regulators in an environment with an abundance of innovation is to align that innovation with appropriate regulation to ensure consumer protection, data security, and fraud mitigation, and to retain consumer confidence in payments.

The 2008 financial crisis led to an increased focus within the regulatory framework on retail payment risk factors. One new regulation was the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank). Dodd-Frank led to many changes—including the creation of a regulatory agency, the Consumer Financial Protection Bureau (CFPB), to focus exclusively on consumer protection. Since the CFPB was created, two of the payments types it has identified as deserving of its oversight are remittances and prepaid cards.

At the same time, evolving technology continues to change the nature of how consumers make payments—moving from the physical to the virtual—and has increased consumers' expectations for speed, control, information, and transparency. Options available for consumers to make payments and for businesses and financial institutions to participate in offering payment services have multiplied as Internet and mobile evolved, cloud-based solutions progressed, and virtual currencies expanded.

Technological advances have led to a retail payments system that is more transparent than ever before, in which all types of entities, from start-up companies to financial institutions, are able to innovate. Nonbank entities are flourishing in retail payments, challenging the historic role of financial institutions as primary payment participants by offering payments products and services in an ever-more complex payments landscape.

While some participants complain that there is too much regulation of payments practices, others call for more or different regulation when problems arise. Still others call for change because they believe the playing field is not level for all participants. Sometimes regulation can be a catalyst for innovation by legitimizing a payments practice after clarifying requirements for all participants. Whatever your perspective, it is a complex undertaking to attain the delicate balance between innovation and oversight.

Photo of Deborah ShawBy Deborah Shaw, a payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

May 12, 2014 in innovation, mobile payments, regulations, regulators | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a73dc1c139970d

Listed below are links to blogs that reference The Art of Balancing Innovation and Regulation :

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 31, 2014

Ignore Millennials at Your Own Risk

At a recent conference primarily for credit unions and small banks, I participated in an interesting discussion about the future role of banks and legacy payments for person-to-person (P2P) payments. Few of the attendants offered a P2P solution as part of their online or mobile banking platform and those that did claimed the product was seldom used, if at all. There was consensus that a majority of their customers just aren't interested in this product.

I recently wrote on this topic, hailing the check as an efficient form of P2P payment thanks in large part to mobile remote deposit capture. But perhaps my experience of writing a check to a 20-something babysitter was more of an anomaly than the norm. A recent survey that GOBanking Rates conducted reveals that nearly 40 percent of consumer banking customers never write checks and 61 percent of banking customers between the ages of 18 and 24 claim to never write checks. Another survey of 10,000 millennials (those born from 1981 to 2000) reveals that the banking industry is at the highest risk of disruption. Seventy percent of the respondents believe that the way we pay for things in five years will be totally different. One in three of the respondents believe they will not need a bank.

So what can financial institutions take away from my experience and these surveys? Two things stand out to me. First, there are still banking customers (young ones included) that continue to write checks or prefer to receive checks over alternatives from banks and nonbanks. Though I fully expect check usage to continue to decline, the complete demise of the check is a fantasy. Second, and most important, financial institutions that choose not to evolve in the payments space risk disintermediation or even becoming irrelevant. While their customers today may not want specific products or payment capabilities, the reality is that the makeup of a majority of these customers today won't be the same as in the future. A generation of potentially new customers has a very different view on payments and banking. Ignoring these future customers will lead to harsh realities for financial institutions. What is your institution doing in terms of payments to attract and keep millennials and avoid becoming a dinosaur?

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 31, 2014 in banks and banking, emerging payments, innovation | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a3fce35a78970b

Listed below are links to blogs that reference Ignore Millennials at Your Own Risk:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 17, 2014

The Challenge to Create an Awesome Mobile Payments Experience

Almost every year for the last decade, those who have followed the mobile payments industry have heard the expectant statement, "This is the year for mobile payments." This year is no exception. We see the stories about mass adoption of mobile payments in other parts of the world, so we wonder, why not here in the United States? A U.S.-centric mobile payments conference I attended recently had as a recurring theme the notion that mobile payments in the United States had not yet caught on because providers had not yet developed an overall package of elements that would create a compelling mobile experience for the user.

In 1998, former Intel chief executive officer Andy Grove, coined the term "strategic inflection point" to describe a fundamental change in any business, technological or not. He said that for a change to achieve mass adoption by consumers, it had to be at least 10 times better than consumers' current experience—something Grove referred to as the "10X" factor. Achieving the 10X factor for mobile payments will likely involve lower costs, increased comfort with security and privacy, new functionality, enhanced user friendliness, increased convenience, or a "cool" factor, such as new technology often offers.

Conference panelists in general shared the view that the payment transaction itself is one small—but critical—element of the overall mobile experience. One point they made is that, because of their experience with other payment methods, consumers expect the mobile payment to be secure, fast, and accurate. These panelists echoed the work of the Mobile Payments Industry Workgroup (MPIW), a joint endeavor between the Federal Reserve Banks of Boston and Atlanta and the major stakeholders in the U.S. mobile ecosystem. The MPIW was created four years ago to facilitate the development of a vision for a mobile payments environment that will be effective, secure, and ubiquitous. This group has met frequently to address the issues of technology, standards, security, privacy, functionality, regulation, and adoption barriers. You can read results of these efforts on the Boston Fed's website.

Smartphone penetration levels continue to rise and are expected to approach saturation level within the next five years. Nevertheless, consumer research studies consistently show that not only are consumers very concerned about security and privacy when it comes to using their smartphones for mobile banking and payments, but they also are highly satisfied with their current payment method. The industry can address the security and privacy issues through a strong consumer education and awareness campaign. However, moving consumers from their current habits will require the achievement of a strategic inflection point—something that many payments industry stakeholders have tried to achieve over the years but have failed to do so.

Portals and Rails would like to know what you think are the other elements of the overall mobile experience needed to achieve the 10X factor?

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 17, 2014 in innovation, mobile payments | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a511875735970c

Listed below are links to blogs that reference The Challenge to Create an Awesome Mobile Payments Experience:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

February 18, 2014

The Mythical End State of Security

As a proponent of secure payments, I am happy to see the EMV (chip card technology) discussion take center stage with national media outlets and on the Hill after the recent revelation of data breaches involving payment card data at merchants. Having written and spoken extensively on the benefits (as well as the shortcomings) of migrating to the EMV standard here in the United States, I am a strong believer in EMV's ability to reduce counterfeit card-present fraud. But I do feel that a bigger story is getting lost in these EMV discussions—that of payment card data security.

Security approaches are not static, but must be constantly improving and evolving, thanks in large part to a rapidly changing technology environment and evolving tactics of criminals. A solution that is implemented today will more than likely become obsolete or in need of additional investment to remain viable in the future. There is no "end state" when it comes to security. A wait-and-see approach for this hypothetical end state is flawed.

Consider my home security system to which I recently added video monitoring capabilities. This addition to my system made my upgrade to glass-breaking sensors several years ago seem like a bad investment. But had I waited for the camera technology, perhaps I would have suffered the same fate of several of my neighbors who ended up with bad guys breaking windows to gain entrance into an empty house. And though I feel better protected now than I was several years ago, I realize that it is inevitable that another upgrade with additional costs will be necessary in due time to best protect my property and family.

EMV is a solution ready to have a positive and immediate impact on reducing the value of stolen card data. And because of that, I am an advocate for its adoption in the United States according to the adoption plans set by the card networks. However, EMV alone does not provide complete protection of card data, and stolen card data retains value to fraudsters even in an EMV world. Magnetic stripes will not disappear overnight with a migration to EMV. (The UK began their migration in earnest seven years ago and mag stripes are still commonly found on their cards.) And stolen card data can easily be used in the card-not-present environment.

The payment industry must strive to secure payments data so that data stolen from breaches cannot be exploited for monetary value by criminals. Until the industry does that, it is reasonable to believe that data breaches and the subsequent effort to monetize the information will continue. EMV is a step in the right direction, but it is not the final and only step. EMV will be costly to implement. It will not and cannot be the final investment spent on securing card payments.

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

February 18, 2014 in chip-and-pin, EMV, innovation | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c01a73d7ac64d970d

Listed below are links to blogs that reference The Mythical End State of Security:

Comments

The largest drawback to EMV is the cost; I recently read that it would cost over eight billion dollars to change the current U.S. payment infrastructure to an EMV system. In your example, the camera system was a home security option that wasn’t feasible several years ago because of price and technology issues. Could it be possible that something like PayPal’s new payment method is a more logical step to address card security for the time being? PayPal’s payment code system is able to work with retailers existing barcode scanners and pin pads and provides more security to POS transactions than a mag-strip. This would allow for increased card security, at a reasonable cost, while the industry decides what the next best option is.

Posted by: Karen Gordon | March 17, 2014 at 12:42 PM

Douglas,

Like you, I'm glad to see that the key participants and contributors to the US payment system are recognizing the need for improvement in card data security and considering how EMV might help. I also support your contention that EMV is neither a comprehensive nor final solution. Why isn't the Fed taking a proactive role to research solutions that would eliminate the capture and transfer of card data and thus remove the risks from the points of sale altogether? There are already some interesting products in the marketplace that enable this approach and it seems a better investment for the short and long term.

Posted by: Gary Yamamura | February 18, 2014 at 10:10 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 24, 2013

Using Analytics to Improve Credit Quality

With consumer credit products such as mortgages and payday loans occupying headlines, credit card portfolios have been quietly and steadily marching towards improvement in quality over the last three years, according to data released by the Fed’s Board of Governors. As the chart shows, seasonally adjusted charge-off rates are down to 3.9 percent, and delinquency rates are at 2.6 percent for the largest 100 commercial banks in the United States, the lowest rate since the Federal Reserve began tracking this statistic at the start of 1991.

Credit Card Charge-Offs and Delinquency Rates: Top 100 US Commercial Banks

But how have credit card issuers been able to improve the quality and profitability of their card portfolio since the severe economic impact felt by all during the recession? One of the many tools the Board identified—and one cited by portfolio managers—is the increasing use of analytics. Issuers collect and comb vast amounts of data from a variety of sources to ensure that cardholders are equipped to manage their balances.

Credit issuers use analytics for a variety of purposes, including establishing credit limits, monitoring ongoing credit quality, targeting marketing efforts, and detecting fraud. They perform analytics at the individual cardholder level—looking at credit history and purchasing patterns, for example—as well as at the customer segmentation level to identify correlations between certain data elements and indicators of potential changes in credit quality. The increased power of these analytical tools over the last decade is due primarily to the incredible advancements in data collection and analysis technology. These advances have provided issuers with the ability to run sophisticated "what if" models to determine how changes in various key attributes of cardholders or in the overall economic environment will affect the quality of their portfolio.

Clearly, many of the issuers have taken other proven steps to improve the credit quality of their portfolios: they’ve reduced credit lines and increased payment monitoring management for existing accounts during and after the recession. And they applied more stringent credit policies, making it more difficult for new applicants to be approved (or likelier to be approved at lower credit limits than they would have been before). These are all sound risk management techniques. But data analytics has been a very powerful additional tool, allowing issuers to make huge strides in ensuring ongoing credit quality.

How are you using increased technology capabilities to improve your risk management capabilities?

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

September 24, 2013 in cards, debt, innovation, payments study | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c019aff958780970c

Listed below are links to blogs that reference Using Analytics to Improve Credit Quality:

Comments

Data and analytics can provide a competitive advantage for financial institutions (FIs) of all sizes. Sophisticated models can lead to better decisions and improve your institution's risk management, marketing, price optimization, offer optimization, and more. Arguably, the most important area is risk management. FIs need to find their happy median for risk. Effective decisioning won’t be profitable if high-risk customers are approved for too many cards or approved for credit limits that will overreach their ability to pay, but FIs also don’t want to necessarily turn a consumer away due to an address discrepancy. The FIs that can most effectively leverage their data and analytics will gain the competitive edge. It appears many credit card issuers have already figured this out.

Posted by: Christina Lysacek | October 21, 2013 at 02:53 PM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

September 16, 2013

Be Sure to Dot Your I's and Cross Your T's in Vendor Agreements

A new twist on an existing issue has recently surfaced for financial institutions (FI) in managing vendor risk. Patent infringement lawsuits, which are not new to the banking community, have grown as FIs have become more dependent on vendor-provided technologies. FIs are being drawn into more legal proceedings, or the threat of them, in which a party sues for alleged infringement of a patent on a product or process that a vendor has provided the FI. In particular, allegations of infringement have targeted technology enhancements related to scanning and imaging, mobile banking and payments, data storage, debit and prepaid card production, and transaction management processes. In a number of cases, the FI pays a royalty or fee to settle the dispute and avoid further legal expenses.

Some aggressive patent infringement groups have become active over the last several years. Targeting financial services vendors and FIs, these "patent assertion entities" (PAEs) (or, more derisively, "patent trolls") are characterized in the June 2013 White House report Patent Assertion and U.S. Innovation as focusing "on aggressive litigation, using such tactics as: threatening to sue thousands of companies at once, without specific evidence of infringement against any of them; creating shell companies that make it difficult for defendants to know who is suing them; and asserting that their patents cover inventions not imagined at the time they were granted." According to the report, patent infringement lawsuits initiated by PAEs now represent 62 percent of all infringement suits—up from 29 percent just two years ago. The greatest danger from such aggressive legal action is a chilling effect on the development and adoption of innovative technologies.

So what might a financial institution do to mitigate its risk in this area? Federal and state officials are examining the problem and will likely make recommendations for policies or regulations that will provide a reasonable level of protection. However, this effort is likely to take time. In the interim, we suggest a number of potential actions for FIs and their legal counsel to evaluate. A critical element in risk management is understanding the sources of risk and their threat level. Consequently, FIs should consider a requirement in the vendor agreement that requires the vendor to immediately notify the FI of any such claims. Second, FIs should include an indemnification clause in the vendor agreement to protect themselves from being drawn into the legal dispute. And the FIs' lawyers should make sure that this clause requires vendors to stand behind the FI if the lawsuits target them for using vendor-provided technology. Lastly, FIs should consider obtaining or requiring the vendor to obtain patent infringement insurance.

Risk assessment and developing mitigation tactics should be an ongoing effort for all FIs. We would like to hear how your company is addressing this issue.

Photo of David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

September 16, 2013 in innovation, regulations | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c019aff6dfd3d970d

Listed below are links to blogs that reference Be Sure to Dot Your I's and Cross Your T's in Vendor Agreements:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

March 18, 2013

March Madness on the Hardwoods, Mobile Madness in the Payments Arena

As an avid sports fan, I am eagerly anticipating college basketball's annual rite of spring commonly known as "March Madness." This nickname for the NCAA's Men's Division I basketball tournament is derived from the amazing finishes and upsets that regularly occur during the tournament each year. A big part of the intrigue around this tournament involves millions of people that will "fill out a bracket," meaning they prognosticate the winner of every game, ultimately choosing the winner of the tournament.

As I was thinking about the upcoming tournament, I realized a similar situation is developing with mobile payments at the point of sale (POS). It seems that every day, I read an article or blog with differing viewpoints on what company, wallet, or solution will come out as the "winner" for mobile payments at the POS. This got me thinking how a "bracket" would look for the mobile payments ecosystem. Interestingly, many of the attributes usually found with the successful basketball teams in March are similar to those attributes I believe are necessary for successfully competing in the mobile payments arena.

Fundamentals are extremely important
Teams that are fundamentally sound tend to perform well in the tournament. Fundamentally sound teams run an efficient offense with a high point per possession percentage and low turnover margin, rebound well, and make a high percentage of their free throw shots.

Likewise, in the mobile proximity payments arena, I expect the winner(s) will nail down the fundamentals of the transaction that consumers and merchants alike expect: ease and quickness. Just as basketball teams can employ innovative styles or plans, mobile payment providers are also developing the latest and greatest add-on to the payments experience. However, if both fail to deliver on basic fundamentals, success can be elusive.

Track record of successful risk taking
Besides excelling at the basic fundamentals, teams that make a high percentage of their three-point shots usually do well during March Madness. The three-point shot is the riskiest shot in the game, yet carries the highest reward. Teams who capitalize this risk with a high success rate are difficult to beat.

Besides the fundamentals of a payment transaction, it is no secret that consumers and merchants want more for paying with their mobile phone at the POS. Discounts, couponing, and instant offers through past purchase behavior and geolocation seem to be a major opportunity of differentiation with mobile payments. But I am not convinced these carrots are enough for any particular player to obtain widespread or mass mobile payment adoption. The player that is able to completely transform a consumer's shopping experience with the mobile phone will likely come out ahead. I believe this will require some risk taking by doing something different from the rest of the field beyond coupons, offers, and discounts. Perhaps this might be a mobile solution that allows a consumer to make a purchase and completely bypass the checkout line and POS while also updating the merchant's inventory level in real time. Established companies, as well as young companies led by teams or individuals, with a successful track record of risk taking should be considered closely.

Excellent defense
A common phrase heard in many sports, basketball included, is "defense wins championships." Basketball teams that hold their opponents to a low field goal percentage and generate a high number of turnovers have proven to be extremely difficult to beat in the tournament.

In the world of payments, defense is all about mitigating fraud. For a mobile payments solution to be successful, it must be as secure. And I could even argue that it must be more secure than current payment methods. Research has consistently shown that consumers must perceive these payments to be secure if they are going to adopt them. Secure solutions developed by companies that are trusted by consumers stand to have a solid chance to move ahead in a "mobile payment POS bracket."

The winning team
Using the same attributes of successful tournament teams and applying them to the mobile payments POS space, I think the ultimate winner of a "mobile payment POS bracket" must offer at least the following three attributes in a cost-effective manner:

  • Enable a quick and simple transaction.
  • Greatly transform the shopping experience by being unique and different.
  • Offer a secure solution that consumers will understand and trust.

More often than not, the traditional and established basketball powers come out on top of the tournament, but it's those unexpected upsets by upstarts and underdogs that put the "madness" in the NCAA Tournament. How will the situation for using mobile phones at the POS play out? Will an established payment provider come out on top of the "mobile payment POS bracket" or will an upstart be that "bracket buster"?

Douglas A. KingBy Douglas A. King, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

March 18, 2013 in innovation, mobile payments | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017c37d8df8d970b

Listed below are links to blogs that reference March Madness on the Hardwoods, Mobile Madness in the Payments Arena:

Comments

Excellent discussion and apt analogy. I would add that just like the NCAA Tournament the winner(s) get to the final grouping by winning one game at a time and moving inexorably forward while not letting the hype and hoopla distract them from their goal. In mobile payments, this may mean incremental improvements and constant adjustment to the transaction process with an occasional "fast break" from the old paradigm will ultimately result in an application that addresses all of the needed attributes.

Posted by: Bob Skattum | March 19, 2013 at 11:21 AM

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in