Visa and Cashedge

March 16, 2011 Leave a comment

16 March (updated 17 March)

http://www.prnewswire.com/news-releases/cashedge-and-visa-to-expand-network-offerings-118071239.html

Visa has been chasing after any party with direct links to DDA accounts. This in an attempt to “end run” around poor OCT adoption (see previous blog).  I understand that Obopay is also set to announce support of VMT. What a change from their MasterCard approach!

Visa is getting decent traction in Asia/ME in receiving VMT, problem is that there are no send capabilities, and the majority of banks are telling Visa to “pound sand” with their OCT transaction set mandate (see previous). I was told yesterday that the OCC is looking into both the mandatory nature of Visa’s OCT and the AML controls.

It will be interesting to see how Visa explains the loss of international wire fee revenue to their member banks. Why pay $40 for an international wire when you can use CashEdge to send to Visa, then VMT to send to India/Mexico, …? As I ran Citi’s online properties I can tell you this completely overlaps with my Citi Global Transfer service and I would not be happy at all.

As a banker, I’m mad as hell at Visa. Why don’t I like this VMT?

  • Visa will keep the directory of cards, mobile numbers, and DDAs. The last 2 really really make me mad. Who says they can hold my customer information?
  • Visa runs it..Continues to build Visa brand on your ACH
  • You own the risk, Visa develops new services
  • Circumvents all of the industry controls on ACH (ex. Early Warning)
  • Unfunded Reg E research burden and consumer support reqs.
  • Confusion in online services
  • Cannibalizes existing bank products (wire transfers)
  • Customer service/research nightmare .. all unfunded
  • Visa may have a much smaller role to play in debit.. why would I want to add new services to their group?
  • it will be very, very hard to shut down once it gets moving.

Fortunately for banks, CashEdge is a bank friendly vendor. Actually, it wins the prize for  best bank vendor (I signed 2 contracts w/ them).  Visa will not do enrollment, nor will they have directory of DDA/Debit. CashEdge is providing multiple service/pricing  options t0 participating banks:
- Send to DDA
- Send to phone
- Send to e-mail
- and new option.. send to Visa Debit Card (w/ fee)

Each bank has flexibility in determining IF they want these services and how to price them. As you can tell.. I would never let the Visa option happen.. but then again I don’t run the online bank anymore.

I’m beginning to wonder if I’m just a pessimistic nag. I’m tired of being negative on things… What do I like this quarter? Google and NFC, the Chase QuikDeposit app, PayPal at the POS, .. oh and I loved (past tense) ISIS until they fell on their own sword.

No blogs next week.. will be out of pocket…

Filed under mobile money Tagged with , , ,

Square “Violations”

March 16, 2011 1 Comment

16 March 2011 (Updated 17 Mar)

My top issue w/ mobile swipe is clearly customer behavior and potential data loss.  I’ve been asked to provide a basis to decline Square transactions (debit particularly) so, rather than sending out multiple e-mail responses, I thought I would share. Issuer Top 4 reasons to decline Square

  • PABP/PCI compliance
  • Collection and use of ancillary customer information
  • Paper Signature requirement
  • Chase has all of the equity upside

Visa developed the Payment Application Best Practices (PABP) in 2005 to provide software vendors guidance in developing payment applications that help merchants and agents mitigate compromises, prevent storage of sensitive cardholder data.

http://usa.visa.com/download/merchants/validated_payment_applications.pdf

 

Phase V of PABP went into effect on July 1, 2010. This phase required all Acquirers to ensure that their merchants and agents use only PABP-compliant applications. A list of payment applications that have been validated against Visa’s PABP /PCI DSS is available at www.visa.com/pabp. Note Square is missing, how can Chase acquire for merchant/aggregator that is in clear violation?

UPDATE 17 Mar (Thanks Bob Egan) Evidently PCI has revoked certification of all mobile swipes until new rules have been created. See related post  http://storefrontbacktalk.com/securityfraud/pci-council-confirms-multiple-mobile-applications-delisted/2/

From the Visa Operating Reg, (pg 428)

While Square does not “require” mobile number or e-mail address, it is collecting it at time of transaction (plus your location). As this information is associated with the transaction, it must be managed within PCI. The business risk here is that Square will use address and location information for something else.. or Chase gets the e-mail address of all of your card customers. This is why the rules were created.. so this does not happen.

Last is Visa requirement for paper receipts. From Visa’s Transaction Acceptance Device Guide

Chase bears all of the burden here, I hope they have taken a holistic view of the fraud and data compromise risk.. not just approving their own cards… but for every card ever swiped by Square.  Advanced fraud schemes take 18mo-2 years to develop.. so it may take some time for risk to materialize.. and for them to pull back.  Chase.. these future losses will easily wipe out the 15% of Square equity that you hold.  Perhaps they are moving so aggressively here because one of their key partners (ie Apple) is falling down in NFC.  Which brings to mind the larger question: Is Chase Anti NFC? 

Remember just 4 weeks ago that all of the US banks were looking at a future where ISIS would control NFC on the handset. Perhaps this is Chase’s way of developing an alternate strategy to address NFC’s biggest weakness: infrastructure.  If this is true.. then Chase I apologize.. your strategic play here was indeed valid. As of this month, we are looking at a ISIS crash and burn and NFC control with RIM, Google and Nokia. My hope is that Chase will abandon Square once the threat, of MNO control over payments, has been eliminated. 

Recommendation for banks

  1. Educate your customers. DO NOT give your personal information out when you use your card
  2. Start to educate your customers on mobile payments in general.. how will it work?
  3. Encourage use of credit over debit.. greater consumer protection and better margin for you
  4. Set some common sense rules .. use your card with trusted vendors (Apple, Grocery, … )
  5. Educate your customer facing employees from branch to call center..
  6. Think about your small business value proposition, how can you help small businesses accept cards?
  7. Issuers, think about declining Square transactions.. particularly for debit

Filed under Cards, mobile money Tagged with , , ,

Follow

Get every new post delivered to your Inbox.

Join 143 other followers