Main changes brought by PSD2

PSD2 - An update

Credit card, PayPal most used payment methods in US



Update on US Payments Landscape

There are a lot of moving parts in the US payments landscape with the ongoing EMV migration to chip technology,
 - growth in mobile payments and
-  contactless payments, and
-  the increasing need to secure the card-not-present environment, all of which need support from and coordination with the entire payments ecosystem.

Moving forward with EMV in the US

The U.S. Payments Forum is made up of constituents from the entire payments ecosystem and has been the source for EMV implementation guidance since the start of the migration in 2012. Today, approximately a third of US merchants are enabled to accept chip cards, and about three quarters of consumers have at least one chip card in their wallet.


From what our chip-enabled merchants are telling us, chip-on-chip transactions are increasing at a very solid rate, and our larger enabled merchants are seeing most of their transactions come in as chip transactions. But we need to continue to support enablement of more access points, such as in-store point-of-sale terminals at mid-size merchants, ATMs, and automated fuel dispensers to meet the goal of the chip migration: removing in-store counterfeit card fraud, the largest source of fraud in the US, from the system.


To help the industry meet this goal, the Forum is continuing to address issues that arise from those parts of the ecosystem that have implemented EMV, and provide education and implementation guidance to merchant segments that have unique and/or challenging migration paths, such as the ATM, petroleum, transit and hospitality industries, as well as the mid-size merchant community.

A closer look at EMV in the petroleum environment

The unique challenges facing the retail petroleum industry in upgrading their outside pay-at-the-pump systems to EMV have been an active part of the Forum’s EMV migration discussions over the last year, particularly within our Petroleum Working Committee.


At the end of last year, American Express, Discover, Mastercard and Visa individually announced modified timelines for their respective EMV fraud liability shift policies for automated fuel dispensers in the US. The petroleum industry policy changes that were slated to take effect in October 2017 were modified to take effect in October 2020.


After these modifications were announced, we saw some misconceptions in the media that the new timeline would cause the petroleum industry to delay their migration plans. But what we are really seeing is that the petroleum industry understands that they need to ‘put the pedal to the metal’ and use this extra time to complete the hardware and software upgrades at the pump to make sure their outdoor environments are enabled to accept chip as quickly as possible to avoid fraud risk.


Over the next year, the Forum will continue to help the petroleum industry move forward with its chip migration by identifying and resolving challenges associated with implementation and conducting educational outreach programs, including to payment technology providers servicing the industry.

Addressing the card-not-present environment, mobile payments

The industry has shown a high level of focus and urgency towards securing the in-person payment channel with EMV chip payments, and it is absolutely critical that the US payments industry continues to simultaneously devote the same level of energy to work in the card-not-present channel.
With the expanded focus of the U.S. Payments Forum, we have made addressing fraud in the card-not-present environment in online and mobile channels a priority in addition to continuing to aid the migration to chip. And our cross-industry mix of payments stakeholders puts the Forum in the unique position to provide the actionable implementation guidance that the industry needs to create successful multilayer fraud reduction programs and close off these channels to fraudsters.


Two of the U.S. Payments Forum working committees, the Card-Not-Present Fraud Working Committee and Mobile and Contactless Working Committee, are heavily focused in this area and are launching projects to provide best practices and educational resources on how to help secure these channels. Some of these projects will include an analysis of card-not-present fraud trends and lessons learned around the world, and an analysis of factors that have led to successful and secure mobile wallet implementations.


In addition to the Petroleum, Card-Not-Present Fraud, and Mobile and Contactless Working Committees, the U.S. Payments Forum’s ATM, Communication and Education, and Testing and Certification Working Committees are also very active in providing guidance and resources to move the industry forward.

Automation in US banking – part 1 - By Art Gillis, Banking technology consultant

Art Gillis, a seasoned banking technology consultant (working in the computer industry since 1958 – and listed as a top 25 tech consultant by the American Banker) and author, presents his latest “Automation in Banking” report (#31!), which looks at the US core banking and ancillary software market.

In 2005, 755 financial institutions acquired a new core system. Now, the norm is 218.


It’s difficult to be positive when the numbers are going down, even though words of many others are claiming a robust future.


This report is about core applications as well as ancillary applications. Core includes four pieces:


1) all deposit applications;
2) all loan applications;
3) financial data related to the bank (general ledger and financial statement rendering);
4) customer database (now a popular IT solution referred to as KYC by the regulatory agencies).


There are 26 categories of ancillaries (but hundreds of brands). Put these categories together, with hopefully an integrated infrastructure, and you are ready to process transactions, thousands per day or billions per day.


To say that “Automation in Banking 2016″ is like no other report ever published would be a lie. I do not read other reports, but I know what was included in the 31 editions of the reports that I produced. There’s a huge difference between #1 and #31, but in the past ten years, the differences were in the details. 83 exhibits, 55 vendor profiles and over 300 IT solution profiles provide the details.

• Five companies still occupy the space known as top core vendors: FIS, Fiserv, Jack Henry, D+H Corporation (soon to merge with Misys) and Computer Services Inc (CSI).

These companies got their label in the 1960s because core was all there was. They now offer core plus ancillaries.
If you’re looking for a sixth top core vendor, you won’t find it. But there are nine other companies in the US that do what the five do, but with much smaller numbers. Don’t worry about their survival. FIS doesn’t want them. Fiserv and Jack Henry don’t need them. And D+H has just been bought by a private equity firm. CSI is happy where it is. I don’t believe the nine are looking for an acquirer.

• Offshore core companies have been looking at the US market, for several years, but with little or no success.

There are five – Infosys Finacle, SAP, Temenos, Oracle FSS and Misys (which is to merge with D+H) – that can afford to be interested in the US, but there are also new offshore entries appearing that just want to take care of their own backyards.


In my opinion, the only segment of the industry that offshores should play in is the top tier. If a small US bank were to acquire an offshore core solution, the rude awakening would occur the first time the bank dialed 1-800. No company provides service like FIS, Fiserv, Jack Henry and CSI.

• There’s too much buzz about banking and how technology is going to solve the industry’s weaknesses.

And make no mistake, banks are still weak even nine years after the 2008 crisis.


The buzz is better known as digital banking, blockchain/Bitcoin, cloud, disruptors, big data, artificial intelligence (AI), start-ups, and millennials.


What banks need most right now is a new breed of CEOs to develop a strategy with their customers to promote the greater use of technology.


For now, the buzz is mostly about intent. I’ll wait until I see availability, delivery and performance in the minds and hearts of bank customers before I show reality in a future edition of “Automation in Banking”.

• Each year, there is a consistent reduction in the number of financial institutions of 4.2%.

In recent years there has been paltry evidence of new banks. In 2015, there were only five greenfield banks.
20 years ago, bankers were predicting an industry with numbers like 2,000. Their timing was off but the number might be correct. The top tier banks are getting bigger, and there are more of them. The small banks are losing ground because they cannot afford the over-regulation. If the mid-tier banks continue to do a good job, they will be acquired.

• In recent years, IT outsourcing has become the preferred choice of bankers.

“Preferred” is important. Small banks have realised that they cannot keep up with and manage technology efficiently, so 60% of them now rely on their core processor for outsourcing. Trend-wise (new core sales in 2015), 75% are switching to outsource.
The story changes with mid-tier. Those banks (56%) want their own system because they believe they can manage it better than a third party. The big boys love in-house because it provides bragging rights. At the present time, 85% do their own thing, and they have the money to pay for it.

• This report does not evaluate banking technology vendors.

The report displays vendor performance based on their accomplishments. Bankers and investors have to use those accomplishments to determine what’s right for them. Here is just one of 800 accomplishments – strength of vendor current sales:

• Fiserv sold 41% of all new core deals in 2015
• Jack Henry – 22%
• Nine small companies – 23%
• CSI – 8%
• D+H –  3%
• FIS – 2%

However, the picture can change significantly when one examines the other 799 accomplishments.

• In 2015, the top five core vendors had combined revenue of $14.2 billion.

The biggest change to that figure in 2016 will be the acquisition of Sungard by FIS, not organic growth. I do not see much organic growth for the top five going forward. The main reason is their customers already have the technologies they need. And regardless of the buzz in the press, there are no new IT products for the top five that I can see. The last one was mobile banking.

• Please remember, it’s numbers that dictate success.

So with that in mind, here are the vendors that reported revenue and produced the best increases, year over year:

• Cardronics – 14%
• TSYS – 17%
• ACI Worldwide – 17%
• Vanity – 23%
• Q2 – 32% increase in revenue

• If market share were determined by number of core customers, here is the lineup:

• Fiserv              37%
• Jack Henry      17%
• FIS                  15%
• D+H               7%
• CSI                  3%
• All others         21%

• The debate about legacy vs. open core continues. But evidence is clear. Some banks are switching, and they are switching from legacy to legacy.

Example: Umpqua Bank switched from a very good legacy to another vendor’s very good legacy. Explain that when all the buzz is about open architectures. Umpqua Bank has a strong reputation and track record. CEO Ray Davis is no dummy. Only insiders know the reason that Umpqua stuck with legacy. A more meaningful question is why didn’t the bank follow conventional wisdom (and the pundits) and switch to a modern architecture core system?

• Acquisitions among the vendors in this report were the fewest in the past 24 years, only six.

That means three things:
1) the pool of worthy candidates has diminished;
2) the top five core providers have every product they need;
3) the top five reported revenue growth that was all organic.
They didn’t get any of it by acquiring companies. There are some strong best-of-breeds enjoying robust harvests, but acquirers learned how to acquire early before the marrow was sucked out of the bone.

• Regarding revenue, the pureness of revenue, earned not bought, tells a strong story.

Banking technology has become a steady, mature industry reporting nice revenue increases (3.5% for the group) that protect earnings, but certainly not the rage as the buzz might suggest.
For the past four decades, bankers would ask me, as I collected my final payment: “tell us when we are done”. I answered with: “Never.” I might have been wrong. It looks like 2015 was close to, “we’re done here”.

• When the first Martian delegation drops in on Earth, their leader will say: “Nanoo nanoo, wiki eeky al po ka na tee moov it.”

Which means “Take us to your top 5 so we can understand what digital banking really is.” The Martians will realise and respond: “Para vi va tara nu nu.” Which means, “Been there done that.” I have it on good authority that Martians do not use labels to exploit new ideas.


Digital banking is just a label, nothing new for banking technology. In simple language it means a fully integrated suite of automated solutions covering everything consumers and businesses need to release bank employees from doing grunt work and convert the expense of buildings as the delivery conduit to a customised device that can now best be used for real-time delivery anywhere anytime.


The top five can deliver it now, but bankers are not deploying fast enough. Thus the top five will see little revenue gains from something called digital banking. No vendor in this report is offering a solution under that name.

Facts about Banks

What is Digital Secure Remote Payment?

What is Digital Secure Remote Payment?

A DSRP transaction is a Mastercard payment method that uses EMV-based cryptography to provide a safer, more secure transaction. All DSRP transactions are routed to the Mastercard network. The use of DSRP by a merchant is optional.

Merchant benefits

With DSRP transactions, Mastercard seeks to help merchants make payment transactions more secure for their customers, which can potentially also drive the following:

• Incremental sales
• Improved economics (e.g., reduced fraud)  
• Simplified check out and stronger consumer engagement with the merchant’s e-commerce site by reducing shopping cart abandonment and declines

In addition, consumers can benefit from increased security and the option to use their preferred payment device/app.

Merchant opt-in prerequisites

Mastercard is committed to ensuring the increased security and integrity of all payment transactions. DSRP transactions represent a valuable new technology that enhances the security of remote payments.

Mastercard is offering merchants the ability to accept DSRP transactions from digital wallets to encourage the adoption of this technology-enabled payment option and as an incentive to route transactions to the Mastercard network. Taking advantage of DSRP transactions is optional for merchants. A merchant’s determination to opt-in for accepting Digital Secure Remote Payment transactions must be made with a full understanding of the routing decision and must be uninhibited by the acquirer or processor.

If a merchant does not want to route e-commerce transactions to the Mastercard network, the merchant should not opt-in to accept DSRP transactions. A merchant that does not opt-in to accept DSRP transactions may continue to accept Mastercard branded e-commerce transactions using a more traditional method.

Benefits of Cloud-Based Banking Infrastructure

Cloud-based services have been driving efficiency and cost reduction across industries for quite some time now. In banking, however, the transition towards cloud storage and access has not been met with the same enthusiasm due to various reasons – risk management being one of the primary explanations.

 

 

 

Nevertheless, security matters do not neglect the benefits that cloud-based infrastructure in banking carries. Among some of them, professionals point out the opportunity to standardize IT across an organization, making it more straightforward for regulators to have a clear picture of any organization. Cloud-based storage and services make IT updates across the units of a complex international financial institution more efficient.

 

It is worth mentioning the efficiency that cloud-based infrastructure may bring into decision-making and policy implementation. With remote access to the information regarding new implementations and internal changes, the cloud brings efficiency in providing access to all involved parties in a single format and place to securely and effectively evaluate the matter.
Cloud technology enables banks to quickly scale processing capacity up or down in order to react to changes in customer demand, as BI noted along with cloud’s flexibility advantage that allows banks to choose where they want to run systems.

 

In addition, the cloud embraces the team-based collaborative culture of modern organizations, where the value of team-work has been given a high esteem. With regard to the transformation of the way people work nowadays from standard workplace-based 9-to-5 jobs to remote and personalized schedules, cloud in the banking industry can make changes to the traditional state of the workforce management in a sphere untouched by modern employment trends.

 

Capital One has listed more benefits that cloud computing brings into banking among which are velocity, elasticity, availability and more. Over the coming years, an increasing number of financial institutions will certainly be turning towards the cloud in the realization of broader opportunities it brings in comparison to owning data centers.

Who is adopting the cloud in banking?

Fierce competition represented by FinTech startups with their low-cost solutions has been catalyzing the transition towards cloud for a range of financial institutions nowadays. In fact, as reported by Bloomberg at the end of last month, of the world’s 38 largest financial institutions and insurance companies, 25 have already signed up with Microsoft and are beginning to put applications in the cloud.

 

• Capital One, the eighth-largest US commercial bank, started deploying applications in cloud services in early 2015, the edition adds.  
• Capital One in Virginia has been reported to be closing its data centers in favor of cloud-based storage and will reduce their number from eight to three by 2018.

 

“There’s nothing we aren’t willing to put in the public cloud,” said Rob Alexander, Capital One’s Chief Information Officer. “We are now doing the vast majority of all our new development in the public cloud, and we are systematically moving our legacy applications.”

 

Singapore’s DBS Bank recently signed an agreement with leading infrastructure provider, Amazon Web Services (AWS), to leverage its cloud technology. With this, DBS will create a hybrid cloud environment optimized for rapid changes of capacity and functionality, which is complementary to the bank’s traditional use of data centers.

 

As DBS Head of Technology and Operations, David Gledhill commented in the official press release, “In today’s fast-changing world, companies such as Amazon, Facebook, Google and Netflix are widely acknowledged as leaders in innovation. What sets them apart is their ability to constantly experiment, automatically scale and rapidly bring new features to market. They are able to do this in part by leveraging the flexibility provided by cloud technology.”

 

Tech companies have been all over the banking industry with the cloud. According to the Washington Post, Microsoft created a special financial-services compliance program that gives banks full access to all audit reports, notification of any security incidents and provides them with a roadmap on upcoming security and privacy features.

 

As Karl Keirstead, a Software Analyst for Deutsche Bank AG, shared with the edition, “I know from our own checks that both Amazon and Microsoft are all over the global banks. This is a massive opportunity and prize that the public cloud vendors are well aware could move the needle for them.”
One of the largest banks in Spain, Bankinter, has been recently reported to be using the cloud to run credit risk simulations in 20 minutes, down from 23 hours before.

 

For the Commonwealth Bank of Australia, cloud reduced the time and cost of standing up a new server from eight weeks and several thousand dollars to eight minutes and 25 cents, making the bank much more responsive to changing customer demands.

 

There are certainly more examples of large financial institutions gradually moving parts of their infrastructure to the cloud. While the transition comes with risks, the benefits and further advancing risk management solutions will outweigh concerns in face of cost and operational efficiency.