Mobile Wallets: The Battle for Control of Point-of-Sale and Opportunity for FIS
Amazon’s announcement of the Fire ‘phone yesterday, along with the launch last October of pay-with-Amazon (allowing customers to use their Amazon credentials to pay on other e-commerce sites), raises the possibility of an Amazon wallet leveraging the firm’s 250mm cards-on-file (vs. 800mm for Apple and pay-with-iTunes and 140mm for PayPal). The prospect of a wallet, particularly if integrated with Firefly-enabled “show-rooming”, increases pressure on retailers to shape the evolution of mobile payments and control the point-of-sale.
Mobile wallets will either be: bank-sponsored (and enabled by host card emulation so that the phone acts as a proxy for plastic with the card credentials stores in a virtual secure element in the cloud); retailer-sponsored (using Paydiant or similar white-label, cloud-enabled QR-code solutions); or based on extending card-on-file franchises from e-commerce to point-of-sale with Apple being the likely winner in the genre.
- In each case, payments functionality is not stand-alone: it is integrated into mobile banking for bank-sponsored wallets, into loyalty and offer programs for retailer-sponsored wallets, and into a beacon-enabled digital shopping experience for Apple and, possibly, PayPal.
Banks are concerned that other digital wallets may put their brands “in the back seat”, and are fighting to control interaction at point-of-sale. With EMV compliance and tokenization, we expect bank-sponsored wallets to offer the same “card present” terms for merchants as card-swipes: that is relatively low fees and issuer responsibility for fraud risk. While bank-sponsored wallets will be treated as substitutes for plastic, card-on-file wallets will be treated as extensions of the desktop and so generate the same “card-not-present” terms for merchants as e-commerce transactions: that is relatively high fees and merchant responsibility for fraud risk.
- Among card-on-file wallets, Apple has a uniquely good case for card-present treatment because the fingerprint risk-scores from TouchID may reduce fraud risk below even physical plastic. However, tokenization will be necessary and raises difficult issues: large banks will want to maintain control of tokens, but this reduces the value to Apple of its cards-on-file data.
Retailers are concerned that banks will reserve mobile wallets for credit cards as part of their ongoing response to the Durbin cap on debit interchange which has involved shifting consumer spending from debit cards to credit cards (see Exhibit below). In addition, retailers get the importance of understanding customer buying patterns in a world of data-enabled targeted marketing, and so want to control and protect transaction data. This has led to the formation of the merchant payments consortium, MCX, to promote an alternative acceptance infrastructure to V/MA within which participating retailers can operate their own wallets integrating payments, loyalty, and offers; MCX does not contemplate the sharing of transaction data between participating merchants.
While the primary motivation of retailers may be to control and protect transaction data, it is likely they will promote low cost, and particularly ACH-enabled debit, solutions in their wallets. This is an opportunity for FIS which can act initially as an acquirer for ACH transactions and transition them over time to its PayNet infrastructure (providing real-time authorization and settlement through leveraging the connectivity to bank checking accounts provided by FIS’ core processing business and ownership of the NYCE debit network). And it is a concern of Visa/MasterCard that has led to a battle between the networks and large retailers over point-of-sale technology as follows:
- The Europay, MasterCard, Visa (EMV) standards establish a global protocol through which chip-enabled payment devices (whether card or phone) communicate with point-of-sale (POS) systems. To encourage merchant-adoption of EMV-compliant POS systems Visa/MasterCard will make non-compliant merchants liable for fraud losses on EMV-compliant devices beginning October 2015. From a security standpoint, it would be sufficient for merchants to install only chip-card readers, but they will not be relieved of fraud risk unless they also install NFC-enabled contactless terminals; in other words, Visa and MasterCard are using the EMV roll-out to establish an acceptance infrastructure for bank-sponsored wallets.
- Recognizing the threat, WMT is urging merchants to install EMV compliant contact terminals (i.e. chip readers) so as to reduce the system-wide risk of fraud but not the contactless terminals which open the door to bank-sponsored wallets. Indeed, MCX members commit not to enable acceptance of any digital wallet other than the MCX product.
While MCX has been delayed by the decision, last February after the Target data-breach, to employ cloud-based tokenization and hence contract with Paydiant rather than exclusively with Gemalto, we believe it needs to launch in the first half of 2015. Any later and the risk is that merchants install EMV-compliant contactless technology to obtain relief from fraud losses (although these will be meaningfully lower with EMV compliance than at present) increasing the chance that bank-sponsored wallets become a de facto standard.