Digital Payment in 2020

Which solutions and technologies will prevail?

Swiss Payment Forum 2019

Kurt Schmid, MD Digital Payments
 Agenda

Challenges: GAFAs, regulations, changing user behaviors….

New developments in eCom payments:
• Merchant Tokenization
• SRC
How to implement convenient payments?
Convergence between in-store & eCommerce payments
2
Challenges

3
 Top Challenges

New
(digital)
challengers

Bank / Cost for

GAFAs Regulation /
Merchant Legacy

Changed
User
Behavior

4
 Poll
What are the biggest challenges for your bank / company / organisation?

• New challengers

• Costs for regulations & IT, changing business model

• Changed user / customer behavior

• GAFAs

• Internal resistance to change

• Other
5
 New
(digital)
challenge
rs

GAFAs
Bank /
Merchant

Changed
Cost for
Regulation
/ Legacy

New Challengers – The rise of NEO-Banks…

User
Behavior

13% 15% 1 in 3
of new accounts opened of 25 to 34-year-olds people in the greater London
from Jan – June 2019 hold an account with a area is considering to opening
were digital only banks neo bank a digital-only bank account

1 in 8 people

Source: MC Study – “UK state of Pay (Sept 2019)” 6

 … and impact
In 2025, Fintechs cut banks by 14 percent of total revenues

In the future, banks will lose up to $280 billion of their revenue

from payment transactions according to a study conducted by
Accenture. As a consequence, Fintechs would have a share of 14
percent of industry turnover1.

“The digital boom will mean banks have to fundamentally

change the way they think about their revenue composition”
“Channels that once made the banks billions of dollars will cease
to exist”2

Source: t3n1 & Reuters2 7

 New
(digital)
challengers

GAFAs
Bank /
Merchant

Changed
Cost for
Regulation
/ Legacy

Costs for regulation / Legacy

User
Behavior

Costs for regulation are equally distributed to

all (in theory) …

BUT … PSD2 has less legal burdens to AISP

and PISP than banks

Costs for (legacy) IT are increasing

8
 New
(digital)
challengers

GAFAs
Bank /
Merchant

Changed
Cost for
Regulation
/ Legacy

Changed User Behavior

User
Behavior

 Mobile First

 Always online

 Less loyal (traditional values decreasing)

 Instant results needed

 Demanding on modern UX

9
 New
(digital)
challengers

GAFAs
Bank /
Merchant

Changed
Cost for
Regulation
/ Legacy

GAFAs embrace payment & banking

User
Behavior

10
A Theoretic Threat?

11
E-Commerce Landscape

12
 E-Commerce Checkouts
Majority (61%) is Card based, thereof
29% is Cards-on-File (CoF)
19% Guest Checkout
13% Digital Wallets

Direct Transfer Others

By entering Account 22% Other 11%

“Global e-commerce payment market is expected to

grow from US$ 24.26 Bn in 2017 to US$ 64.69 Bn by
2025 at a CAGR of 13.1% between 2018 and 2025.”
Even stronger growth for m-commerce and in-app payments
Source: Mastercard, Worldpay, BCG
 Concerns and Challenges in E-Commerce Payments
ISSUER
CONCERNS PSP /
MERCHANT
Lost Abandonment & Decline Lost revenues CONCERNS
transactional 24% rate when 3DS (1.0) is used through
revenues abandonments
through and declines Low
abandonments conversion rates
Decline rate when
Risk/fraud
and declines 17% 3DS is not used
especially on
through mobile
Risk/fraud channels
different
through different
attacks
Cost Higher fraud rate of attacks
of customer 4-10x CNP compared to CP Higher
care transactional
costs for CNP
versus CP
Source of figures: Mastercard, Worldpay, BCG
 How to Solve This
eCommerce Checkout Types
Cards-on-file 29%
Replace PAN by token to reduce risk
Improve security to CP level
(where a cryptogram is used)

Cards in Guest Checkout 19%

Same as above plus
Secure
Improve usability for consumer Remote
Commerce

15
Here Are The Four Main Use Cases Of eCom Tokenization

ENROLL:
Add card manually or tokenize from
card on file

DISPLAY CARDS
Card art coming from token service
(user sees his real card image

TRANSACT
Generate EMV cryptogram
(can be used for one or more transactions)

LIFECYCLE
Issuer account update

16
 ToPay eCom Token Connector Architecture
Scheme
Acquirer Network

Token Service
Merchant
Provider (TSP)
App ToPay eCom
and Token Vault
Token Connector
SDK
PSP Token Enrollment &
TSI* AETS Issuer
Transaction API

Merchant
Token Notification TSI* MDES
Website API
Merchant TSI* VTS
Management API

17
Comparing Scheme Tokenization with PSP Tokenization

Better Expected to Expected to

approval rates be mandated be mandated
by schemes by schemes
Users can push and
Card data manage cards for
cannot be merchant (within
stolen Life cycle Complies to issuer app)
Higher management, Will be
PSD2 SCA, basis
security and less E2E connection pushed also
for delegated
risk merchant - Less by SRC
authentication
Possibility issuer Scheme Fees
to show cardart to or Interchange
user (depending on
situation)

Advantage compared to PSP proprietary tokenization

18
Secure Remote Commerce

19
Key points of the EMV® Secure Remote Commerce Framework
“SRC”

 Defined by EMVCo (https://www.emvco.com/emv-technologies/src/)

 Scheme agnostic to help interoperability

 Pay securely via single SRC checkout button

 Will be scheme-neutral successor of MasterPass & Visa Checkout starting 2019 / 2020

 Will support card tokenization

 Demonstrator available from Netcetera, training courses coming as soon as specification out

20
 What are the various roles in SRC?

DPAs SRCI DCF

(Payment Service Provider, (Payment Network,
Merchant, Browser or Merchant)
Acquirer or Gateway) SRC PI
Issuer
Merchants’
Shopping
Pages/Apps

SRC System
Payment Network

21
 First-time enrollment during shopping
DPA SRCI DCF DSA
 Card retrieval if customer is not recognized
DPA SRCI DCF DPA
Enrolled and returning user & device is recognized
DPA SRCI/DCF DPA
 Pillars for Increased Conversion

Customer friendly UX

Delegated Authentication

Wallet with
Secure
OOB features
Remote
3DS Security / / Push & Pull
Tokenization Commerce
Risk Provisioning

25
White Label Issuer Wallet

26
 Issuer Wallet / Card App

Features
Account / Card / Transaction Management
Onboarding / Authentication / Biometric
support
Payments (NFC, P2P, PSD2 compliant 3DS Auth)
Card controls
VAS,…
+ Push Provisioning

27
 OEM Payment Activation

Features
Offers OEM payment activation (super green path) with
fast time-to-market
• Push Provisioning
• In App Verification
• Card & Token Management
• Status & Lifecycle

28
Push Provisioning (from Issuer App to Merchant Apps)

29
Delegated Authenticion

30
 Checkout Today

Merchant App Issuer App (3DS) Merchant App

31
Checkout Tomorrow (Based on Delegated Authentication)

Merchant App

32
 Delegated Authentication and PSD2

 Two factors to be compliant to PSD2 SCA :

– Payment Card Token bound to a device
– Authentication in the merchant app, proven to the schemes by e.g. a FIDO Auth Token
 Initial binding with 3DS NPI transaction required
 Supported by Mastercard (Authentication Express) and VISA’s Cloud Token
Initiatives
– Technical and legal framework

33
 Use Case Convergence
Purchase in a shop using an eCommerce Checkout (CNP Trx @POS)

Payment in a merchant app by a wallet using a registered payment instrument (Remote

Payment CP Trx)

Borders are dissolving

34
 Resulting CNP to benefit from CP-like Mechanisms
Card Not Present (CNP) Card Present (CP)

Manual Communication
between Payment Instrument Digital Communication between
and Point of Acceptance (PSP Prov. / SRC Payment Instrument and Point
Software) of Acceptance (Terminal)

Transaction not secured Transaction secured by

(only based on knowledge) Tok. Cryptogram (Possession)

Cardholder Validation with Cardholder Validation traditional

Deleg. Auth with PIN, on devices also by
3DS Step-Up
biometry (CDCVM)

35
 Outlook Digital Payment in 2020
Banks can defend the customer interface by offering payment management and value
added services around the payment

eCommerce payments will become more convenient and secure

UX will improve:

• Instead of manual enrollment Push & Pull provisioning

• Instead of burdensome authentication easy OOB authentication respective already

delegated authentication in merchant app

36
 Kurt Schmid
Managing Director Digital Payment
Kurt.Schmid@netcetera.com

https://www.linkedin.com/in/kuschmid/

Europaplatz 4
4020 Linz
Austria

kurt.schmid@netcetera.com
+43 664 112 11 00