Trends & Tactics

Token Specs: Curb Your Enthusiasm

The three biggest card networks would just like everybody to calm down.

As dramatic as their joint tokenization announcement was last month, key officials with Visa Inc., MasterCard Inc., and American Express Co. have been at pains to tamp down the far-reaching industry speculation the announcement touched off. They are especially eager to derail fast-moving rumors about how the announcement might affect or relate to other standards, including near-field communication (NFC) and the Europay-MasterCard-Visa (EMV) chip card specifications.

Network executives stress that their proposal for a new standard is narrowly intended to safeguard card credentials whenever a consumer uses a digital device rather than the physical card itself to conduct a transaction.

And they say that while the three networks plan to develop a tokenization standard that will ultimately be submitted to a governing standards body, they don’t intend to set up a separate network-controlled organization to manage the standard, in the manner, for example, that EMVCo manages the EMV standard. Nor do they have a specific timetable for the new standard’s development.

“I don’t think any of us is trying to shape the future,” says Jim McCarthy, global head of innovation and strategic partnerships at Visa.

Still, tokenization is a hot subject right now as more and more consumers flock to desktop and mobile devices to make payments. Nor are the Big Three alone in this effort. Similar work is under way at The Clearing House, a New York City-based processor owned by 22 major financial institutions.

The three networks, whose systems collectively traffic the bulk of card-based transactions worldwide, propose a standard calling for a so-called token, essentially a string of digital code, to replace the primary account number tied to a credit or debit card when a consumer buys something at the point of sale using a smart phone or tablet or performs an online transaction. Smart-phone and tablet transactions alone already account for nearly 10% of all e-commerce volume.

This card credential has been a favorite target of fraudsters, who can combine it with the card’s expiration date to commit online fraud. The token, by contrast, would be useless to criminals.

Reaction to the proposal has been swift and largely favorable, the card executives say. “The feedback across the industry has been tremendous,” says Ed McLaughlin, chief emerging payments officer at MasterCard.

Expert observers say on balance the proposal is a welcome development. “I think the sentiment behind this announcement is encouraging, i.e., the recognition that digital commerce is a very attractive target for fraudsters,” says Julie Conroy, a senior analyst who follows security at the Aite Group, Boston, in an email message. “As with any broad changes to the payment systems, the devil will be in the details, and in this case there are a lot of details to think through. That said, the right players are at the table driving this.”

The Clearing House’s work, which started this summer, is aimed at developing a server-based tokenization system tentatively called Secure Cloud. Not coincidentally, The Clearing House is controlled by some of the country’s biggest banks, institutions that are also clients of Visa, MasterCard, and, in some cases, AmEx.

The networks got the message. “We recognize our clients are very concerned with how their credentials are being used,” says McCarthy.

He, McLaughlin, and Mike Matan, head of global network business at AmEx, say the network-led token initiative will work with the Secure Cloud project in developing a standard. “We want to incorporate the best ideas,” said McCarthy. For its part, The Clearing House says it stands ready to cooperate. “We have had productive dialog with [the networks],” says David Fortney, senior vice president and product development manager for TCH.

Besides pressure from client banks, the networks were also spurred to move before e-commerce and mobile-commerce volumes grew large enough to create a huge fraud potential. “We’ve all seen the same thing, increased interest in digital payments,” says Matan. “It makes sense to work together now before volumes increase.”

Some of the drama of the announcement stems simply from the fact that, while the technology has been available for some time, this is the first time the nation’s three largest card networks have cooperated to develop a standard for it.

The trio of network executives, however, stop shy of making the announcement out to be anything more than the “framework” for a standard that will specify a way to use tokens to flow data into the card networks. That method, they argue, could be deployed within any number of digital communication technologies, including quick-response codes and NFC, a short-range communication standard used with some mobile-payments deployments.

“NFC will be an example of how [a transaction could be conducted],” says McLaughlin. “There will be lots of ‘hows.’”

—John Stewart

What’s in Jared’s Wallet?

Speaking of consumers flocking to smart phones, they’ll have a lot more stores where they can pay with the gadgets now that the sprawling Subway sandwich chain has signed up for mobile payments.

The tech behind the deal comes from Wellesley, Mass.-based startup Paydiant Inc., which has been peddling a white-label mobile-payments app for about three years.

The deployment, which is expected to start later this year, is being characterized by both companies as a national rollout rather than a pilot. Paydiant’s Chris Gardner, a co-founder of the company, refers deployment questions to Subway, which refuses to comment beyond the companies’ joint press release issued early last month.

But it’s hard to see this as anything other than a big deal. The Milford, Conn.-based restaurant chain claims 40,000 stores worldwide, with more than 26,000 in the United States. The release calls the chain the “world’s largest restaurant brand.” And, unlike the highly successful Starbucks Corp. mobile program, which relies on a private-label card, the Paydiant wallet supports any card.

Indeed, it appears Subway’s decision catapults Paydiant into the front ranks of the nascent mobile-payments business, where merchants have struggled to identify winning partners among a bewildering array of startups and established players.

“They should be opening the champagne bottles [at Paydiant],” says Arkady Fridman, who follows mobile payments for Aite Group LLC, Boston. “The reality is Subway is a major consumer brand.”

And Subway may not be the last major chain to sign up. “It’s the biggest retailer we’ve done business with to date, but there are a number of other whoppers we hope to announce in the coming months,” says Gardner. “It’s really starting to move now.”

National merchants like Subway are important because they can help make a new payment method familiar, even habitual, for consumers. That’s why such chains have been targeted by mobile-payments ventures like Merchant Customer Exchange, which is controlled by major retailers, and Isis, a carrier-controlled company pushing wallets that work with near-field communication (NFC). Indeed, Subway has been rumored to be in talks with Isis.

“Getting large retailers to participate is what’s needed to drive proximity payments at the point of sale,” says Aite’s Fridman. “It helps drive consumer adoption [if you offer] acceptance at large retailers.”

But both Gardner and Fridman point out there’s nothing in the Paydiant installation that would preclude a deal with another wallet platform, should Subway choose to add any. “We never in a million years request exclusivity from anybody,” says Gardner. “Exclusivity doesn’t make sense.”

Paydiant’s talks with Subway have been in progress for some time. “Over the years, we’ve reached up to them, and they’ve reached up to us for updates,” says Gardner. He says the size of the Subway installation, with its tens of thousands of locations, shouldn’t be an issue. “Obviously, there are integration challenges, but we’re super-confident we’ll deliver,” he says.

While Subway won’t discuss the deal, Fridman says the sandwich chain likely justified the tieup by looking to the data the mobile system will let the company gather on its customers, who for the most part are as much ciphers to store personnel when they walk out as when they walk in. “I see this much less as a payments play than as solving the anonymity issue between Subway and its customers,” he says. “It enables a brand-new, rich data set.”

Paydiant’s app, which is usually branded by the merchant, works by letting consumers use a smart phone to read a quick-response (QR) code displayed on a merchant’s terminal or monitor. The code, which represents a transaction identifier, triggers the app to ask the user to select from among payment credentials he has already stored on Paydiant servers. The company runs an offers-management platform and was set to launch a loyalty platform last month.

Paydiant has been on a roll lately. In September, it closed a $15 million series C round of funding, bringing to nearly $35 million the sum of cash the company has raised altogether. It has secured about a dozen clients for its app, including processors Fidelity National Information Services (FIS) and Vantiv Inc., banks Bank of America Corp., Capital One Financial Services Corp., and Barclaycard, and merchants.

Before Subway, the largest merchant client was the mid-Atlantic grocery chain Harris Teeter Inc., which is using the app in a pilot to allow customers to pay for groceries in a curbside pickup lane.

Paydiant charges a transaction fee in addition to a license fee based on the number of active users. Gardner won’t be specific about the transaction fee, calling it “small” and “some amount of pennies.”

—John Stewart

Bergeron Prowls Payments with a $500 Million Fund

The tug of the payments industry has pulled industry veteran Douglas G. Bergeron back into its fold. Bergeron, the former VeriFone Systems Inc. chief executive who left the point-of-sale terminal maker in March, announced his return to payments in September with the formation of Opus Global Holdings LLC.

The new company has $500 million at its disposal to buy companies. Bergeron is collaborating with Chicago-based investment firm GTCR, which is funding $450 million of Opus Global. Bergeron is contributing $50 million.

This is not the first time that GTCR and Bergeron have worked together. The two were partners in 2002 in VeriFone following its separation from Hewlett-Packard Co. Bergeron left San Jose, Calif.-based VeriFone in March following a poor financial showing.

Also in September, VeriFone named Citigroup executive Paul Galant as its chief executive. His hire suggests VeriFone will continue to focus on services, observers say.

Bergeron expects to consider a wide variety of companies, including those specializing in payments and regulatory and compliance services. “We’re trying to cast a net wide enough,” he says. The fragmented nature of financial technology services creates opportunities to make mergers and acquisitions, he adds.

Regarding potential regulatory and compliance services, Bergeron foresees much opportunity to create a company that can provide these services on a global scale. In particular, Bergeron pays attention to what banking executives are saying about increasing regulations, especially their assertions that meeting these regulations will require them to spend more. “Compliance systems are going to be a great market and there really isn’t a global leader for these various compliance requirements,” he says.

International payments also are a focus for Palo Alto, Calif.-based Opus Global, Bergeron says. “Domestic acquiring is pretty slow growth,” he says. “But I’m a big believer in the long-term, upward trends in payments, particularly in emerging markets.” Such markets might include Latin America and Europe, he says. Equipment sales, particularly in Europe where 31 nations are instituting the Single Euro Payments Area to ease cross-border transactions, also interest Bergeron.

Other payments areas Opus Global may consider include merchant acquiring, business-to-business payments, online wallets, mobile payments, and virtual goods.

Bergeron says discussions with potential companies are underway, but he declines to identify them. In most instances, he envisions an acquisition’s operational staff remaining in location, while the strategic-planning component could move to Opus headquarters. “The assets and back office can stay where they were when we find them,” he says.

While the news service Bloomberg quoted Bergeron as saying that perhaps one day even VeriFone might be a consideration, he downplayed that as his focus. “There is so much more exciting stuff, and they have so many exciting things to do,” Bergeron says. “I’m extremely proud of VeriFone. I don’t need to obsess the rest of my life over that one investment.”

Bergeron says Opus Global came about following his departure from VeriFone. “I started contemplating what I wanted to do in May or June,” he says.

Galant, meanwhile, has some work ahead of himself. In June, then interim chief executive Richard McGinn said VeriFone had “significant short-term challenges.” Among those challenges are that VeriFone under-invested in research and development and in getting its products certified in a timely manner, McGinn said. And it ran into trouble when a now fired distributor sold products to Iranian banks in violation of U.S. economic sanctions.

In December 2012, during Ber­geron’s tenure, VeriFone also dropped Sail, a mobile-payments platform that offered a direct-to-user payment solution intended to provide micro-merchants a single source of end-to-end payment services. It had launched Sail only in May.

—Kevin Woodward