Stay in control in a world of billions of tokens

Stay in control in a world of billions of tokens

The number of tokenized payment credentials (often referred to as tokens) is going to increase substantially and fast in the coming years. Tokens have already shown to be successful as a secure and reliable replacement of PANs (Primary Account Number) in mobile HCE/NFC payments.

Because of the simplicity, enhanced security and the broad digital applications areas, the use of tokens are now expanding to other areas. Tokenization will no longer only be used to issue digital payment cards (tokens) to mobile devices, but will also include online merchants, Internet of Things (IoT), subscriptions and in-app payments, which will result in billions of tokens.

What is the benefit of tokens vs. Card-on-File?

The challenge with Card-on-File (CoF) is that consumers enter their card details everywhere they purchase goods and services online, and they eventually lose track of where those details are stored. Another challenge is that the consumer must update all stored CoF whenever he receives a new card from the bank. Unlike CoF, all tokens are preserved within something we call a token vault. This is a place that also holds the relationship between PANs and tokens. The concept of a token vault combined with the fact that a token is always generated for a specific wallet (device, merchant, other), makes it therefore possible to manage and keep control of all created tokens.

But first: how to provision these tokens?

There are several ways to provision tokens to merchants, IoT, OEM Pays (read a previous blog post about OEM here), mobile and other types of digital wallets. Most of these will support what is referred to as Push-provisioning. This feature allows the consumer to generate and push tokens using the Issuer’s app. MeaWallet is making it easy for banks to implement this feature through Mea Token Management SDK (Fact Sheet Mea Token Management). Mea Token Management SDK can be integrated directly into the Issuer’s app. It communicates with Token Service Provider(s) and ensures that the card gets tokenized and provisioned into any eligible wallet, merchant or device.

More control to the consumer with Mea Token Management

The consumer should be able to keep control of and manage all tokens that are created and issued. The customer can access these new features through his existing mobile- or online bank. Token Management is supported and incorporated in Mea Token Management SDK. It offers all the required functionality to retrieve and view all created tokens, as well as suspend or delete them. This gives the consumer complete control and the bank will increase traffic to the mobile- and online banking services.

Figure: Illustrates some of the features of the Mea Management SDK

Our mission at MeaWallet is to help our clients simplify mobile payments and support implementation. Our team is passionate about the subject and continually looking at the evolution and trends in the mobile payments space. Hansa Andersson, VP sales at MeaWallet, personally welcome your comments or invite you to get in touch directly with him at hansa.andersson@meawallet.com.

 


The “ninja version” of a mobile wallet?

Converged what? Wallet?

The payment market has for some time now been talking about a converged wallet, but what exactly is that? Is it a “ninja version” of a mobile wallet, or is it simply an evolution of a mobile wallet?

A few years ago everyone spoke about Omnichannel and how it would revolutionize the way marketing, consumer- and shopping experience work. But in order to make omnichannel work, you need a payment instrument that works for all channels. This Omnichannel payments will typically be gathered in a “wallet”, let us call it a converged wallet for now (see what I did there?), which is the ultimate tool for payments through all channels.

The converged wallet got its name from the convergence of in-app, online and in-store payments through the same payment instrument; the wallet. Through tokenization and the introduction of Digital Secure Remote Payments (DSRP), the same tokenized card can be used for payment in all channels. This brings security and convenience to a new level, whereas tokenization protects the cardholder's actual PAN. In addition, will DSRP and Masterpass increase the convenience when shopping online or in-app.

Is the timing right?

The time for making your move towards the mobile- and digital space, is now. There are huge changes in the market with new FinTechs popping up every week and regulatory changes like PSD2 and GDPR. The market is forced open by new actors. It is of great importance to stay relevant, updated and competitive. Many banks have started their strategies and initiative in the mobile and digital sphere, but the technology and markets for converged wallets have yet not been mature enough. We now have the needed technology, both mobile payments, as well as the market's readiness have matured, so all the pieces are lined up and available. Now!

Youths expect their banks to offer mobile and digital services, and are very open to change bank for what they consider to be better services and products. This is a radical change to how it used to be. Customers are no longer loyal to their banks, and digital and mobile services are one of the driving forces for this “infidelity”. Banks are now in the position where they must choose their direction. Will they move in front and maintain the customer relationships with the technology, services, and products the customers expect, or will they accept that other actors will handle that part?

If the choice is to let other actors take care of new services, the bank will stay relevant for their customers merely as an invisible infrastructure. Both are strategies, but by choosing the passive one, the bank might end up disrupted by a startup bank, or someone else. They need to catch up with innovations and technology now in order to stay in the race.

How is it possible?

The way we in MeaWallet have solved our converged wallet is by combining the online and in-app shopping from Masterpass with tokenization through American Express Token Service, Mastercard Digital Enablement Service and Visa Token Service for HCE payments. This combination is great, allowing the users to pay wherever a card can be used, might it be in a webshop, in a physical store or in a merchant app.

Masterpass is a giant actor for in-app and webshop payments that permits consumers to store their credentials in a safe place and provide the merchant with these while shopping online. This significantly reduces friction and drop-off rate for the merchants. The HCE payments are performed by using the payment networks’ tokenization solutions, ensuring global acceptance and interoperability.

Caption: Converged wallet that can be used in any channel both online, in physical stores and in-app
So is it a ninja then?

So let us go back to the beginning of this blog post, where we asked; Is a converged wallet a “ninja version” of a mobile wallet, or is it simply evolution of a mobile wallet? I think it is an impossible conclusion to draw, but it surely is a great leap in the right direction to become the one and only payment instrument you will need. It is omnichannel for payments, connecting all the dots.

To sum it up; it is more than evolution although it cannot do insane ninja tricks. Yet!

Eager to learn more? Get in touch with us at hello@meawallet.com


OEM Pay vs. Issuer Pay

OEM Pay vs. Issuer Pay

With the introduction of mobile payments, a brand new market has opened up to OEM pay. The OEMs revolution of in-app and App Store payments, of which the next logical stepping stone has been contactless payments. This has resulted in OEM Pays, which is the Mobile Payment Applications (MPA) of the mobile device producers, which allows users to add cards from multiple banks to the wallet application.

There are many OEM Pay apps out there, and the most common are; Android Pay, Apple Pay, and Samsung Pay. OEM Pay enables issuers to be present in the pre-installed OEM Pay app, allowing their users to perform payments. The solutions are rapidly growing in popularity and expanding into new markets and countries.

Since the launch of the various OEM Pays over the last few years, they are perceived as giant actors in the mobile payments ecosystem, each serving about 25 million to 85 million users.

What about issuer pay?

Issuer Pay allows Issuers to provide their users with their own Mobile Payment Application (MPA), designed to reflect their specific look and feel and promote their branding throughout the application. The MPA can be combined with the issuer’s existing application(s) or provide a separate payment app only for mobile payments. Compared to the OEM Pays, this provides a more flexible user experience, design, and user interaction.

Key benefits

The two varying options bring different possibilities and opportunities for the issuers. OEM Pay can give the user a more seamless experience, as all cards are in one application. The Issuer Pay can bring more flexibility and possibilities to the user, especially in terms of value-added services and interaction with the users.

The below table highlights some of the key features and differences between OEM Pay and Issuer Pay.
Branding options are very good for Issuer Pay as the issuer controls the mobile application and the user experience.  In OEM Pay, the issuer has limited branding possibilities through card art and other available interfaces. The popularity and availability of iOS, Apple’s proprietary operating system, has been one of the major reasons why issuers have decided to enable OEM Pay and especially Apple Pay. On iOS, NFC is not available for third-party developers, allowing only Masterpass transactions to work on that platform.Red is not available, yellow is partially available,  green is available

With Issuer Pay, the issuers can maintain flexibility with a highly customizable solution. This allows for a simplified user experience and onboarding, the possibility to add other services to existing applications and the choice of which technology to use.

Combining the Pays

By combining Issuer Pay with one or multiple OEM Pay apps, the issuer will benefit by providing a broader and more flexible solution, allowing the consumer to choose what wallet to use. In addition, the issuer can enable their cards to be available in other third-party wallets, meaning every wallet with support for third-party cards can digitize them providing yet another channel to usage.

Connecting the Pays give issuers possibilities to expand their customer base, be present in multiple wallets and provide the best user experience for consumers. For users, the key benefits are the ability to select their preferred payment wallet with the knowledge that they can use their existing cards in any of the apps.

If you would like to learn more about OEM and Issuer Pay, comment below or get in touch with us.


Introduction to PSD2 - part two

Transactions without the traditional players

In our previous blog post, we looked into PSD2, what it is and how it might affect banks’ business. This post takes a look at one of the key parts of PSD2: XS2A.

What is XS2A?

Access to Account (XS2A) might be the biggest technological innovation in retail banking since the internet. The XS2A opens up for bypassing actors in the existing e-commerce ecosystem. The Card Scheme and the Acquirer will be by-passed since XS2A allows direct communication between the Merchant and the Customer’s Bank. For in-store payments, this paves the way for solutions without the need of a Point-of-Sale. The shopping experience in-store can be similar to e-commerce transactions.

Third-Party Providers and XS2A

The inclusion of  Third-Party Providers (TPPs) might be the most significant change in PSD2, where Access to Accounts (XS2A) is introduced. Banks and other financial institution must give certain licensed third-parties Access to Account information, and can not treat payments that go through Third-party Service Providers any differently.

There are two types of TPPs, the Account Information Service Providers (AISP) and the Payment Initiation Service Provider (PISP). The AISP provides information about your accounts and balances, and the PISP initiate payments without going through the traditional payment networks.

Traditional e-commerce Transaction

Today, when shopping online, you decide what to buy, and complete your purchase using your card. The merchant will have an Acquirer, who will then contact the customer’s card scheme e.g. MasterCard or Visawho will then pull the payment, debiting the customer’s bank account.

 

Post PSD2 transactions

When all aspects of PSD2 are rolled out and put into motion, the traditional e-commerce transaction explained above will be disrupted. Instead of entering all your debit or credit card details, you will then be asked whether you want to give the retailer access to your bank account. By agreeing, the merchant takes you to your bank’s internet banking site where you give the required permissions.

How Facebook login and permissions flow is today

This is comparable to how you use your Facebook or Twitter information to log into your apps and websites, without ever exposing your details to the service providers.

 

You will not give your bank login details to the webshop, and the bank will never access your retailer login details, you simply give permissions to the webshop to execute payments on your behalf via your bank account.

 

Innovators have already begun

The new Payment Services Directive is being put into force now. Requiring issuers, banks, merchants and all other actors involved in the payment ecosystem, to adapt to the changes. This has already driven innovation in the space with new players disrupting the traditional existing roles in the payment ecosystem. Seqr is an example of a mobile wallet that utilizes access to the account (XS2A) in order to create a great mobile payment app. The app allows users to pay using QR codes, or by using the contactless capability on their phone, to deduct the money from the user-selected account. What other services will we see taking centre stage as PSD2 (spreads) takes hold?


MeaWallet and Latvian Investment and Development Agency

MeaWallet has signed an agreement with Latvian Investment and Development Agency for participating in a support funding programme related to business development, expansion and international export of products and services. The cooperation allows MeaWallet to market it's Products and Services widely in different industry exhibition and conferences.

SIA “MeaWallet Latvia” ir noslēdzis 08.07.2016. līgumu Nr. SKV-L-2016/546 ar Latvijas Investīciju un attīstības aģentūru par atbalsta saņemšanu Darbības programmas “Izaugsme un nodarbinātība” 3.2.1. specifiskā atbalsta mērķa “Palielināt augstas pievienotās vērtības produktu un pakalpojumu eksporta proporciju” 3.2.1.2. pasākuma “Starptautiskās konkurētspējas veicināšana” ietvaros, ko līdzfinansē Eiropas Reģionālās attīstības fonds.


Introduction to PSD2 - part one

PSD2 - what is it, and what will change?

PSD2 has been on “everyone’s” tongue in the banking industry the last year or two. A follow-up from the first Payment Services Directive, it aims to change the way retail banking is performed in the EEA.

The Payment Services Directive (PSD) is an EU Directive that was put into force late December 2007, regulating payment services and payment service providers in (European Union) EU and European Economic Area (EEA). The Single Euro Payment Area (SEPA) defines the interoperability of payment products, infrastructure and technical standards, such as ISO 20022, IBAN, BIC, rule books for credit/debit transfers and more.

The PSD provides the legal framework within which all Payment Service Providers (PSPs) must operate. The Directive's purpose is to increase Pan-European competition and participation in the payments industry. Also from nonbanks, and to provide for a level playing field by harmonizing consumer protection and the rights and obligations for PSPs.

The key changes in PSD2

The Payment Services Directive 2 is designed to make cross-border payments as “easy, efficient and secure as national payments” and improve competition by opening up payment markets to new entrants. In this chapter, a few of the most important changes will be covered.

Authentication

PSD2 gets increased security rules for consumer authentication, where its goal is to reduce the fraud. All PSPs will be required to apply “Strong Customer Authentication” (two-factor authentication) when someone initiates an electronic payment transaction. Strong Customer Authentication gives consumers and merchants higher protection against fraud by setting higher requirements for user authentication.

Consumer protection

The PSD2 seeks to get better protection for the consumers, by no longer allow PSPs to charge payers for making the appropriate notification in the event of loss/ misappropriation of the relevant instrument. PSPs therefore will need to revisit their policies in this respect and adapt them accordingly to follow the new regulation.

Third-Party Providers and XS2A

Third-Party Providers (TPPs) might be the most significant change in the PSD2, where Access to Accounts (XS2A) is introduced. Banks and other financial institution must give certain licensed third-parties Access to Account information. At the same time, they can not treat payments that go through Third-party Service Providers any differently. There are two types of TPPs, the Account Information Service Providers (AISP) and the Payment Initiation Service Provider (PISP). The AISP provides information about your accounts and balances, and the PISP initiate payments without going through the payment networks.

Change with the changes

At MeaWallet, we believe that PSD2 will change retail banking as we know it. It will speed up the digitalization of the banking sector. As a result, new services arising as a result of the new payment directive, the consumers will further increase their demands and requirements from their bank. In a competitive landscape, the winners will be the ones meeting the digitalization up-front with innovative solutions and services. Not the ones clinging on to their legacy.