Quick Thoughts: Winners and Losers as Relentless Data Breaches Drive the US Payments Industry to EMV and a New Digital Era for Data-Enabled Fraud Management and Marketing
Visa and MasterCard are being forced to promote EMV-standards for chip-based cards as ongoing data breaches (including those at Albertson’s and SuperValu announced on Friday) increase the risk that network inaction triggers regulatory intervention. However, EMV adoption (which makes card data less valuable when stolen rather than more protected) will move the payments business into a digital era where customer data, which is ultimately owned by issuing banks and retailers and not by the networks, becomes a more decisive success factor. MA acknowledges this in commenting that “EMV in the physical world is a much thicker pipe [than mag stripe]… not only is it a more secure transaction but you can add more data into the stream that can drive things like offers and receipts”.
We are already at the EMV tipping point with FIS announcing in its last quarter’s results that it had won the first conversion to EMV of an entire card portfolio (rather than just a high-net-worth or travel portion); given fraud tends to migrate to less secure non-EMV channels, no issuer (or, after October 2015 when fraud risk on EMV cards can shift to them, no merchant) wants to be among the last to be processing mag-stripe transactions; the resulting rush-to-EMV will generate a tailwind for businesses such as FIS and VNTV that competitively differentiate through security capabilities. We note that migration of fraud to the e-commerce environment as EMV is adopted at physical point-of-sale may overwhelm existing the risk-management capabilities of online incumbents which payments consultant Javelin has described as : “using solutions [e.g. static user names and passwords] that are more than a decade old and wholly unacceptable”; this is a potential headwind for PayPal and opportunity for new entrants, such as Chase Quick Check and Visa Checkout, using modern security techniques such as dynamic tokenization.
As EMV gains adoption, retailers and banks will build data-enabled marketing and fraud risk-management strategies to leverage transaction information across physical and digital channels so as to compete more effectively against e-commerce specialists. An early example will be digital wallets that are open (in the sense of giving the customer the ability to register a variety of payment instruments, including network-branded as well as proprietary solutions) to improve visibility into customer payment behavior and hence the ability to sharpen offer and loyalty algorithms and steer purchases to preferred solutions. As banks and retailers increasingly use digital wallets to shape customer payment choices, they will look to develop new payment-routing options to control and protect transaction data (as in the case of the SBUX mobile app, for example) and to lower processing costs (as in the case of PayPal’s use of ACH, for example). ChaseNet and the merchant payments consortium, MCX, are examples involving both direct routing and new acceptance brands; by end-2015, we also expect direct-routing between large banks and retailers using unbranded solutions such as those from ACIW (at a cost to the bank of 0.005 cents/transaction vs. at least 5 cents/transaction for Visa).
- Access to transaction data will additionally enable large banks and retailers to sharpen authentication algorithms. Indeed, we expect a wave of innovation in the use of transaction data, and ancillary data available from mobile devices such as geo-location and biometrics, for ROI-measurable improvement in fraud risk-management. As a result, the current binary distinction between card-present and card-not-present transactions will give way to an environment where transactions are scored and priced for fraud risk; we believe this has already been an important discussion between banks, networks, and AAPL around the reported launch with the iPhone 6 of a mobile shopping app with integrated payments capability.
The most successful data strategies will be those that “close the loop” by marrying “in-basket” transaction data available from the merchant with “purchase-away” transaction data available from the issuer; ADS provides an example of how much more effective the resulting data-enabled marketing can be than generic branding although we prefer AXP, COF and VNTV as plays on the shift in marketing spend from Madison Ave to payments companies. As payments data are increasingly used to support marketing, industry-pricing will shift from network-based interchange (which is ultimately based on the risk of lost sales if a retailer refuses to accept network brands) to demand-generation pricing agreed bilaterally between large banks and retailers (and based on the measured-ROI from collaborative marketing to shared customers). The shift in focus from the risk of lost sales to the opportunity for demand-generation is already evident:
- Target offers a 5% discount on purchases made with its proprietary RED cards because of the lift to visit-frequency and ticket-size even though this represents a substantially higher acceptance cost than on a Visa card.
- Level-Up, the largest open mobile payment network in the US, is looking to reduce interchange pass-through to zero by generating revenue from marketing campaigns informed by payments data; and
- Uber charges taxi-drivers 20% of the ticket value without distinguishing between its demand-generating and processing services.
Our core thesis is that US payments industry structure will be increasingly driven by bilateral arrangements between large banks and retailers as they look to partner around data strategies (with the Costco-Amex partnership being a long-standing example from the mag-stripe environment), and we are cautious that these partnerships will tend to disintermediate V and MA as branded networks. V and MA are responding by looking to extend the edge of their networks and data-reach beyond issuing and acquiring banks to end-cardholders and merchants so as to support data-enabled marketing at the network level; MA, for example, has commented that “one of the examples [of using the thicker EMV pipe] that we are driving is in the loyalty space where we believe the MasterCard network is a great way to close the loop on coupon redemption … and drive the ROI calculation to a very finite point.” While this may work for smaller issuers and retailers, it is likely to antagonize large banks and retailers who are looking to develop competitive advantage from data-enabled marketing rather than see it provided, like an acceptance brand and fraud risk management, as a network service that can even the playing field for smaller competitors.
- Chase, for example, will not share the personally-identifying information or “PII” of cardholders with Visa (so that Visa knows the primary account number or PAN but cannot link that to a customer name or address); and WMT, for example, is refusing to accept any mobile wallet but the MCX solution.
- However, other banks and retailers are less rigid with PNC, for example, being an early supporter of Visa Checkout (which does require the sharing of PII) and WAG, for example, choosing to accept the GOOG wallet.