New Regulations enable Digital Financial Services in Indonesia

 

Indonesia made remarkable progress over 2014: the national poverty level fell to 11.25% from 13.33% in 2010, and the Unified Database (BDT) was launched as a single source for targeting social assistance programs. The Indonesian National Team for the Acceleration of Poverty Reduction (TNP2K) co-ordinates this work as part of its duties relating to poverty reduction.

 

I recently caught up with Michael Joyce, Mobile Money Policy Advisor at TNP2K, as part of our research work for our soon-to-be-published viewport “Digital Money in Indonesia 2015”. In this blog I am pleased to share highlights from our discussions, to reflect on important regulatory changes from 2014 and consider how they are likely to impact the adoption of digital money services in Indonesia.


Michael, could you please give us an introduction to TNP2K and your role there?

TNP2K is the Indonesian Government initiative to improve delivery of poverty related programs. It operates to promote financial inclusion with the support of Australian Government through Australian Aid (DFAT) and USAID. It maintains a key database that targets poverty reduction through work promoting electronic payments to improve financial inclusion for poor households.

I’ve been here for two and a half years, and work on regulatory and implementation advice for different parts of the Indonesian Government, to try to improve the financial inclusion benefits.

 

Could you provide some background on the Indonesian context and developments over 2014?

In terms of a review of 2014, there has been a lot happening with OJK work, payments for some subsidy relief programs and in summary, a significant drive towards e-payments.

Indonesia is an interesting market, with officially only 20% financially included, though anecdotal evidence points to around 50% included. There is a strong savings culture and willingness to save. However the tools and price points are not geared towards reaching the large informal sector. Until 2014, digital finance initiatives were slowed down by regulations.

Although E-money licenses were issued there were restrictions on how these could be used in terms of cash-out services at agents. So banks had not been able to use agents up to now. There is a highly fragmented market, with over 17 e-money licenses, but none gaining traction or able to offer a full suite of services.

We started to see a change in 2013, with pilots geared towards reaching the unbanked. In 2014 the results of the pilots were enacted through a law on electronic money and the concept of LKD or “Digital Financial Services”.

 

Can you tell me why a new regulator was needed and how this has panned out?

Otoritas Jasa Keuangan (OJK) was created as a new Financial Services Authority in December 2013, and this is similar to the UK and Australia model. This separates monetary policy from prudential regulation. Prior to this, Bank Indonesia (BI) was the single authority that combined roles of a central bank (such as monetary and interest rates) with responsibilities with regards to Payments.

OJK is now the prudential authority. It has proved to be a good thing, as the role has expanded a lot. While Bank Indonesia had more of a bank-related focus, OJK is now better focused on additional areas such as the non-bank financial industry. OJK looks at microfinance (MFI), rural requirements and non-bank providers and this opened up a new potential to bring lots of areas under one roof.

It always takes time for dust to settle, and establishment of the new regulator and transition to them did slow things down in terms of financial inclusion – for instance the pilots had to be terminated in terms of better transition to OJK.

 

How have the new regulations changed things?

The e-money regulations issued by BI tend to favour the four big banks against smaller banks and telcos. Larger banks can offer a wider range of services through agents. However smaller banks and telcos are restricted to using formal entities as their agents. This proved to be a real restriction as it limits small banks and telcos to formal retail chains, co-operatives and pawn shops, but excludes the mom-and-pop stores that are more commonly found in Indonesia.

The new regulations recently released by OJK provide for a much broader set of services and allow a variety of banks to offer services through agents. OJK was able to obtain and act on industry feedback since the first draft in August, and the final release addressed concerns from a range of stakeholders.

This will let a variety of banks offer effective basic banking account services. There can be a nil minimum balance and they can charge transaction fees lower than normal. At the same time KYC provisions are strong and it properly lays down mechanics of a financial inclusive bank account. There are provisions for microcredit and a whole suite of products for the poor, and interest can be paid and charged.

 

So what does this mean in terms of the agent network? How many stores and outlets could potentially be utilised?

I could not give a figure for this but certainly big banks are looking to have combined agent networks of over 100,000 locations. This is required to cater to the needs of a population of 250 million. Although Indonesia has banking infrastructure in terms of ATMs/POS this does not reach the areas where it is needed. Also it is based on bank accounts rather than E-money, so as to work with existing systems. Now additional over-the-counter (OTC) services at banks and ATM services could also be available. Certainly the potential is huge!

 

But where does it leave the telcos?

Telcos are an important part of this but they cannot participate directly in government payment schemes, which are only to be managed by banks and post offices.

 

In that case would the same problem faced in India not be encountered? In remote areas typically there are airtime top-up networks that banks find hard to control, as compared to telcos

They do, but banks are now learning to manage agent networks. In any case telcos don’t necessarily control their own networks. In Indonesia top-up is now managed electronically and not by scratch cards. This is complex and margins are smaller, but the potential is there.

 

Are there any further plans for regulations over 2015?

Bank Indonesia (BI) and OJK now want to harmonise regulations. It can tend to be confusing with two similar schemes when there are differences. This will take some time to be achieved.

By far the biggest activity will be the launch of branchless banking and G2P payments (government-to-person). The most important so far is the recently launched KKS (Family prosperity card).

In Indonesia since the new president came into power, one of his big challenges has been to more effectively manage subsidies. The fuel subsidy previously took up almost 20% of the national budget, and this does not benefit the poor. Consequently there is a focus on reallocating funds to cash transfers to the poor.

The database that TNP2K maintains has data for over 15.4 million households. Today the majority of these are paid through OTC. As of the end of 2014, 1 million are paid electronically. This is paid in E-money from Bank Mandiri using the Post Office as an agent and through SIM cards of the three largest telcos. This now delivers funds smoothly and is really a huge achievement. In less than 2 months Bank Mandiri created so many accounts; mobile operators manufactured and distributed so many SIM cards.

 

What is the total volume of G2P?

Well, I can’t share a total amount, but it is on an average 200,000 rupiah per family per month. This year payments will be significantly more, with the offset gained by the reduction of petrol subsidy.

 

How does the model work operationally with SIMs?

It has been really useful to test this out with 1800 households. We firstly found one major problem – when surveyed, every family of beneficiaries had a mobile phone. However, often the lady of the house did not have one. In order to ensure control of the subsidy goes to mothers, we gave them SIM cards.

However, to achieve this we ran into two further obstacles. Firstly, obtaining a photo id for them and registering new SIM cards proved to be a major logistics effort. Secondly, the SIM expires very soon in Indonesia. If you don’t talk or add credit, the SIM could expire in as little as a week. With a top-up of 5$-10$ it lasts but then people put in just cents and that expires in days. That is a major problem for distribution of money. When it’s time for the second payment, the SIM may have expired already.

With this learning from the 1800 household pilot, all the telcos co-operated and gave SIMs with a 5 year expiry period. Although top-up would continue to expire, the SIM card won’t.

 

Could you please share a bit about the business model?

Bank Mandiri is the contracting agency. They use the Post Office as their agent, for which they give them a fee. The whole business model is yet to be finalized.

Telcos earn through SMS charges to Bank Mandiri, but again this needs further refinement for a sustainable long term business model.

 

How many have formal identity in Indonesia?

It is difficult to get this information. We find that a majority have ID: over 90-95% had formal ID in our studies. The problems are more that this may have expired when they moved house and have not updated the ID. This is not a big obstacle. Indonesia does have a national ID project, but it is still underway and the supporting infrastructure for reading and using the cards isn’t fully in place.

 

What distinctive changes do you see in developments in Indonesia as compared to the rest of world?

Firstly there is a strong banking sector as compared to Sub-Saharan Africa. So the Telco model is not appropriate. With 50% urban population there is strong role for banks in urban areas and it’s not just a rural problem. We will see more channel infrastructure develop, with POS, ATM and mobile phones.

When I first arrived here we felt that the appropriate regulations were around the corner. However this took time to improve but the industry learnt and readied itself while waiting, so now providers are ready to roll out the services quickly. The E-money program proved that when the country wants to do something quickly they can. So this is an interesting place to watch.

 

Yes, we saw a similar pattern with Prime Minister Modi in India. How about retail payments?

Yes, there is a lot of activity planned in this area. The first step is to encourage more consumer payments through formal instruments. There will be a wider use of the debit card as BI rolls out a national non-cash initiative.

Banks that issue debit cards are committed to working together. There are a phenomenal number of POS terminals, yet they are not used as the market is highly fragmented. In one case we noted a record number of 12 POS in one place – this was at the airport so not really representative, but it’s not unusual to see 4 POS at a single location. There is far too much use of cash, and this is now set to reduce.

 

Thanks so much Michael, this is an incredibly interesting time in the development of Digital Money in Indonesia. I wish you all the best for your projects in 2015 and beyond!

 


Michael Joyce is Mobile Money Policy Advisor at TNP2K where he supports the Vice President’s National Team for the Acceleration of Poverty Reduction with advice on policy and implementation of mobile money initiatives to assist in poverty reduction and alleviation across Indonesia. Michael has a background of working within mobile money and financial inclusion for over six years, previously at WING in Cambodia and with ShoreBank International at Bangladesh.

Charmaine Oak is Author of The Digital Money Game, co-author Virtual Currencies – From Secrecy to Safety

Contact Shift Thought for details of our recently published unique “Digital Money in Indonesia 2014” Viewport.


Passwordless Experience – The FIDO Standards behind this

As security breaches continued to grab headlines over 2014, I was intrigued by new claims that not only could online security be improved for consumers, but it could actually become a more delightful user experience. The launch of Apple Pay has proven to us that this is possible.

With over 150 FIDO members, the Board of Directors alone reads like a Who’s Who List: Alibaba/Alipay, ARM, Bank of America, CrucialTec, Discover Financial Services, Google, Identity X, Lenovo, MasterCard, Microsoft, Nok Nok Labs, NXP semiconductors, Oberthur Technologies, PayPal, Qualcomm, RSA Security, Samsung, Synaptics, Visa, and Yubico.

Keen to understand what attracted so many key players, I was delighted to have an opportunity to interview Executive Director of the FIDO Alliance, Brett McDowell, to understand more about how all this works and what changes we are likely to see in the world of payments because of this.

 

Brett, I’ve heard so much about FIDO as the standard behind high profile launches of 2014, and am keen to understand more. Could you share a bit about yourself and your mission at FIDO?

 


I am currently the Executive Director of the FIDO (Fast IDentity Online) Alliance which I helped to found in July 2012, when I was the Head of Ecosystem Security at PayPal, to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords. At the FIDO Alliance, we are changing the nature of online authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online and mobile services.

Previously I spent several years at PayPal where, as Head of Ecosystem Security, I was tasked with developing strategies and leading initiatives to make the Internet a safer environment for PayPal and its customers. I spearheaded authentication strategy, including working with global policy makers to evolve best practices in strong authentication regulation. Prior to joining PayPal I spent several years as Executive Director of industry standards organizations, including Liberty Alliance and Kantara Initiative, which produced standards and accreditation programs in the field of digital identity.

At the FIDO Alliance, our mission is tightly scoped to producing open standards and industry adoption programs that enable implementers to change the nature of online authentication by improving user experience while simultaneously providing better security in a very privacy-respecting manner. We just released the final FIDO 1.0 specifications at the end of 2014.

 

Why did you feel standards were needed relating to strong authentication, and how does this differ from traditional authentication?

 

So, “traditional” is an interesting word in the context of strong authentication, as the concept has not gotten a tremendous amount of adoption, especially not from consumers. Before FIDO authentication, if you were an online service provider, in order to authenticate your users, you would typically use username and password. If you wanted more security you had to add another authentication factor from a set of options that were not necessarily designed for ease-of-use. The “historic” approach to multi-factor authentication, or “strong authentication” as it is often called, combines “something you know” (like a password or other form of “shared secret”) with another factor, such as “something you are” (a biometric for instance) or “something you have” (such as a token or physical device). The industry norm in 2011-2012, before FIDO authentication was announced, was username and password as the ubiquitous first-factor, and the second factor, if there was one, was typically a 6-digit one-time-use passcode. You’d get the second factor through an SMS to your mobile device or create it on a specialised hardware device or copy it from a code-generating mobile app on your smartphone. This 6-digit number, the one-time password (OTP), is called a security token.

The first problem with OTP -- and one of the many issues that FIDO authentication inherently addresses -- is usability. The first word in FIDO is fast, and it helps to explain why FIDO technologies became so disruptive so quickly. We are not about bolting on extra security that puts the burden on the user. We are about delivering an end-to-end innovative approach to authentication through a new, open, online cryptographic protocol that enables best-of-breed device-centric authentication to be used for online access.

 

How does the FIDO UAF Architecture enable online services and websites to leverage native security features of devices and what problem does this address?

 

From the payments perspective our standards enable a better user experience – faster, more secure, privacy respecting and easier-to-use. An example is, Samsung has enabled a number of payments applications using FIDO to allow a user to simply swipe a finger across a sensor on their smartphone or tablet. This is arguably easier than everything else in the market, certainly easier than passwords.

Although the concept of strong authentication has been around for a while and pretty well adopted by pockets of the enterprise market, it has not achieved widespread adoption beyond the enterprise because it has lacked the means to achieve interoperability among systems and devices; FIDO authentication standards enable any strong authentication method, what we call “authenticators”, to interoperate with any online service, independent of solution vendor or device.

Without interoperable strong authentication, you are left with the classic “token necklace” problem; wearing specialized security tokens, often around your neck with your security badge at work, for each online service that requires strong authentication because you cannot use any one of them to authenticate into the other online applications. This is because “traditional” strong authentication relied on proprietary centralized servers (closed systems) connecting authenticators in the hands of users to proprietary server side functionality. Limited in both reach and function, strong authentication solutions have been neither open nor interoperable, until FIDO UAF and U2F 1.0 standards, which have opened the door for ubiquitous strong authentication through “net effects” that only emerge from an open ecosystem.

 

Is this interoperability issue something you address through UAF and U2F?

 

Yes, both UAF and U2F protocols, applied to devices, client software and online servers, produce entirely interoperable strong authentication. What the FIDO Alliance founders introduced first was the Universal Authentication Framework (UAF) protocol. This solves pain points around first-factor authentication because it is designed to replace the password, usually (but not exclusively) with a biometric factor that is retained only locally on the user device, never shared centrally or in the cloud. FIDO UAF is a strong authentication framework that enables online services and websites, whether on the open Internet or within enterprises, to transparently leverage native security features of end-user computing devices. In a FIDO ecosystem online service providers can easily achieve strong user authentication, and free users from creating and remembering more online credentials, simply by leveraging existing FIDO devices to authenticate at their sites and to use their services, such as mobile payments where UAF has seen early industry adoption.

If you are going to offer a replacement for passwords, you need a robust mechanism that isn’t based on the same “what you know” shared secret security design that has been the bane of password systems of late. We decided upon asymmetric public key cryptography, which uses a private key paired with a public key for each authenticator registration. However, we knew that putting the private key in the server could create vulnerability and undesired externalities in the case of a breach. We wanted to get to a model that would have no secrets on the server side. With FIDO authentication, the server holds a public key, but the private key is held only by the individual’s personal device, such as a mobile phone, and is never shared outside of that device. We saw the opportunity to make 1st factor authentication both easy & more secure by relying upon existing device-specific user verification methods being embedded in smartphones, tablets and PC’s. FIDO UAF then enables those local device authentication methods to be used securely online.

We found that before FIDO authentication, existing strong authentication options had very low user acceptance rates, sometimes less than 3% of users choosing to register for strong authentication when it was available as an option. The user acceptance of natural authentication methods that don’t tax the user’s memory or require extra steps in the process has been far more successful, as seen by the increased number of people opting to lock their phone with gesture locks, 4 digit pin codes, and now biometric sensors like fingerprint sensors. However, under FIDO UAF, fingerprints are just one of many biometric options supported by the protocol: iris scanning, voice recognition, and behavioural sensors from wearable devices are all supported in FIDO UAF.

We wanted a standard that could support any future authentication method, and support the industry in its drive to continuously innovate. Proprietary innovation happens between the device and user; this is where the industry can compete with differentiating solutions. FIDO standards come into play in the implementation between the device and the online service.

Another question is how online Payment Service Providers (PSPs) would know that the technique between device and user is trustworthy? FIDO standards incorporate the ability for online services like PSPs to set their own security policy defining the devices or device characteristics they want to trust. The members of the FIDO Alliance wanted a solution set that enabled trust between all devices and all services, but didn’t mandate it. They want a solution to be flexible enough to leave the trust decision in the hands of the online service provider who is in the position of making the risk decision related to any authenticated transaction.

 

We have discussed UAF in some detail. What then is U2F and where does it fit in the FIDO ecosystem?

 

FIDO U2F authentication addresses a totally different use case. FIDO UAF provides a simpler, stronger 1st factor authenticator where U2F provides a simpler, stronger 2nd factor authenticator. FIDO U2F does not replace the password but instead replaces the second factor and enables a simpler form of password, like a short PIN number, because the security burden can now be placed on the FIDO U2F authenticator and not the password. FIDO U2F has already been deployed by Google Accounts and now ships in all Google Chrome browsers.

So far the implementations of FIDO U2F authenticators are in the form of external specialized devices, but these capabilities could be embedded directly in handsets or other form factors in the future. What separates FIDO U2F security tokens from the OTP tokens discussed previously is that one device will work with any FIDO U2F server, regardless of vendor solution or device manufacturer. Another key differentiator is the phishing resistance inherent in the FIDO U2F standard. A FIDO U2F user cannot be tricked into giving a secret to a fraudster the way they can in an OTP use case.

Yubico and Plug-up are the two primary providers of U2F-enabled devices today, which work by being inserted into a USB slot. NFC and BLE support for U2F tokens is coming soon and will accommodate U2F devices for use with devices that don’t have USB slots.

To learn more about all the UAF and U2F FIDO Ready™ implementations please visit our website where they are all listed along with the profiles they support.

 

This is very interesting and thanks for helping to make our online experiences easier as well as more secure. Do you have any final message for us?

 

One thing I’d like to emphasize is the relationship between authentication and payments. Payments is just another application that requires strong user authentication. FIDO standards can be used for a whole variety of use cases that require strong online authentication… for healthcare applications, airline bookings, gaming, banking, enterprise use cases and anything that requires a user to authenticate online. The reason we saw the first adoption in mobile payments is because that industry segment had the greatest amount of pent-up demand for faster, easier strong authentication from mobile devices where typing passwords was the least convenient option.

The second topic I would like to emphasize is the relationship between FIDO standards and government regulation around strong authentication. Sticking with the payments example, you recently asked me about how FIDO UAF could be used to meet the criteria developed by regulatory regimes such as the EBA Guidelines. Though an analysis of exactly how a FIDO UAF implementation could meet the requirements of this specific regulation is beyond the scope of this interview, most multi-factor regulatory regimes are looking for two or more of a “what you know”, “what you are”, or “what you have” authentication factors. In just the example we see in the market already on Samsung Galaxy® devices, it may appear there is only a single “what you are” factor being offered by the fingerprint sensor, but there is also a “what you have” factor due to the secure protection of the private keys on the device, resulting in a multi-factor authentication event from a single user gesture. The Privacy and Public Policy Working Group in FIDO Alliance is going to make a concerted effort to educate regulators across various industries and geographical regions in 2015 to help them understand how to apply FIDO authentication to the markets they oversee.

 

Thanks Brett and I wish you the very best for all the further innovation that you plan in this very important space!



Brett McDowell currently serves as Executive Director of the Fast IDentity Online (FIDO) Alliance, the organization Brett helped establish in 2012 to remove the world's dependency on passwords through open standards for strong authentication. Brett is also an advisor to Agari and the Bitcoin Foundation.

Previously, Brett spent several years at PayPal where, as Head of Ecosystem Security, he was tasked with developing strategies and leading initiatives to make the Internet a safer environment for PayPal and their customers.
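
The design described in the interview above (a key pair for each registration, only the public key held by the server, and a second factor that cannot be phished) can be modelled in a short program. This is an added example, not FIDO Alliance code and not the UAF/U2F wire format: the type names, the user "alice" and both origins are constructed, and signing over the origin the device sees is a simplified model of how the signature is tied to the genuine site.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// digest binds a server challenge to the origin the client is connected to.
func digest(origin string, challenge []byte) []byte {
	sum := sha256.Sum256(append([]byte(origin+"\x00"), challenge...))
	return sum[:]
}

// Authenticator models the user's device: one private key per origin, never exported.
type Authenticator map[string]*ecdsa.PrivateKey

// Register creates a fresh key pair for origin and returns only the public half.
func (a Authenticator) Register(origin string) (*ecdsa.PublicKey, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a[origin] = k
	return &k.PublicKey, nil
}

// Sign answers a challenge with the key registered for the origin in use.
func (a Authenticator) Sign(origin string, challenge []byte) ([]byte, error) {
	k, ok := a[origin]
	if !ok {
		return nil, fmt.Errorf("no key registered for %s", origin)
	}
	return ecdsa.SignASN1(rand.Reader, k, digest(origin, challenge))
}

// Server models the online service. It stores public keys only, no secrets.
type Server struct {
	origin  string
	pubKeys map[string]*ecdsa.PublicKey
	pending map[string][]byte // outstanding challenge per user, single use
}

// NewChallenge issues a fresh random challenge for user.
func (s *Server) NewChallenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.pending[user] = c
	return c, nil
}

// Verify consumes the pending challenge and checks sig over (own origin, challenge).
func (s *Server) Verify(user string, sig []byte) bool {
	c, ok := s.pending[user]
	delete(s.pending, user)
	pub := s.pubKeys[user]
	return ok && pub != nil && ecdsa.VerifyASN1(pub, digest(s.origin, c), sig)
}

// RunDemo reports whether a genuine login, a replay and a look-alike-origin login pass.
func RunDemo() (legit, replay, phished bool, err error) {
	const bank, fake = "https://bank.example", "https://bank-login.example" // constructed
	dev := Authenticator{}
	pub, err := dev.Register(bank)
	if err != nil {
		return
	}
	srv := &Server{bank, map[string]*ecdsa.PublicKey{"alice": pub}, map[string][]byte{}}
	c, err := srv.NewChallenge("alice")
	if err != nil {
		return
	}
	sig, err := dev.Sign(bank, c)
	if err != nil {
		return
	}
	legit = srv.Verify("alice", sig)
	replay = srv.Verify("alice", sig) // challenge already consumed
	// A look-alike site relays the bank's challenge; the device signs as seen from that origin.
	if _, err = dev.Register(fake); err != nil {
		return
	}
	if c, err = srv.NewChallenge("alice"); err != nil {
		return
	}
	if sig, err = dev.Sign(fake, c); err != nil {
		return
	}
	phished = srv.Verify("alice", sig)
	return
}

func main() {
	fmt.Println(RunDemo()) // genuine, replay, look-alike, error
}
```

A breach of this server's store yields public keys only, which cannot be used to log in; the relayed login fails because the device's signature is made with a different key over a different origin.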

 


Charmaine Oak

Author of The Digital Money Game, co-author Virtual Currencies – From Secrecy to Safety


http://www.linkedin.com/in/charmaineoak

Join me on Twitter @ShiftThoughtDM and The Digital Money Group on LinkedIn

The White House announces BuySecure initiative to address payments security concerns

 

 

Over the years, the fact that Americans had not switched to Chip and PIN impacted both US customers and the world. Now as part of a BuySecure initiative, President Barack Obama has signed an Executive Order yesterday to attempt to improve security for digital money. Implications from associated regulations and new spend must be considered to inform project priorities both in America and world-wide.

 

Why now?

After the recent breaches there have been renewed calls for the Congress to act on Data Breach Legislation.

  • What remedial measures can consumers expect in case of data breach?
  • What steps should companies take to notify customers?

Cybersecurity Legislation is also required, to protect Federal networks and balance the need for sharing with the right for privacy and personal liberties.

 

What’s proposed?

The President has outlined a raft of initiatives including his Cybersecurity Legislative Proposal. His executive order requires the US federal government to use Chip and PIN on all its cards, and the government is to begin replacement in January 2015.

The Private sector has been commended to take steps including the following:

  • American Express to launch $10 m program to help in MSME POS upgrade
  • Home Depot to transition 85,000 POS to support Chip and PIN.
  • Target has completed Chip and PIN for all 1,801 stores and from 2015 will reissue over 20 million Target-brand cards, and enable PIN acceptance
  • Visa is to invest over $20 m to educate consumers and merchants on Chip and PIN
  • Walgreens has converted all 8,200 that begin C&P acceptance by 2015
  • Walmart’s 5000 stores will have been upgraded by end of month.

Why the difference between the US and Europe?

The Economist puts forward two main reasons for America being slower to adopt EMV than Europe:

(1) During the 1990s American card companies grew better at managing POS fraud than European counterparts

However, my thoughts on this are that as Visa and Europe operate across both territories, surely learnings cross the Atlantic fairly well.

(2) Regulatory : European Card companies pay most of the cost of fraud while American ones pass off the cost to retailers and even consumers.

This may explain some of it but I think the reasons are more complex and this justifies a more detailed post that discusses the nuances of payments in the two regions. Would love to hear from experts on either side of the Atlantic, to add to the findings from own discussions with payments experts – What do you feel caused this great divide? Do add your thoughts on this in our discussion at LinkedIn.

 

Who benefits?

As identity theft becomes America’s fastest growing crime, these moves are directed towards protecting American consumers and their financial data. However, the need to manage payments for American customers who had not yet adopted Chip and PIN has also caused problems in Europe and elsewhere around the world, where systems had to have exceptional processes to cater to less secure magstripe card payments.

The NRF, the world’s largest retail trade association, applauded the announcements within the BuySecure initiative and has pledged to work closely with merchants to support this.

The announcements made yesterday and the initiatives from CFPB and across the American ecosystem are likely to increase spend in the US and could be good news for the European Security and Payments industry as well as providers around the world.

 

What’s the knock-on impact on digital money projects underway?

Payments projects involve a long gestation period. Now changes in legislation and newly proposed payments priorities will affect spend priorities for the US as well as providers around the world.

Now that the long-overdue Chip and PIN issue has been resolved, and some dent has been made on this across the major retailers in the US, we expect that a lot of focus and investment can now be placed on downstream security initiatives, setting the scene for innovations that can cross the major international markets.

For a full analysis of the entire background, regulations, players and the over 232 initiatives we currently monitor in the US, and how your business is likely to be affected drop us a line at contact@shiftthought.com and we’ll let you know more about how you can gain instant online connected and contextual knowledge on all of this, as well as our soon to be published “Digital Money in USA 2015” Viewport.

 


The Digital Money Game – a multi-trillion dollar industry emerges

 


I have great pleasure in announcing the launch of my new book, The Digital Money Game. I describe the multi-trillion dollar emerging industry I term “Digital Money” from the perspective of very many different industries. It is not just meant for payment experts in large organisations, but for anyone who wants to understand how people pay, and how this is changing in each part of the world.

 

The penetration of mobile phones and smartphones is transforming the way in which consumers interact with brands and greatly facilitates a move towards non-cash payments around the world. To play the game properly though, one needs to understand the changes in a much wider set of fundamentals - identity, security, authentication, regulations, technologies and more, so as to create an appropriate vision that goes across channels, services and market segments. That way you have a more effective roadmap with respect to new entrants, and a better chance that what you plan now will still be relevant when your projects go live. I share more about why I wrote The Digital Money Game here.

 

The book is based on Shift Thought research in markets around the world, and my interviews with experts from all the different industries that now participate in payments and financial services. I did my first set of interviews in July 2011. Four years later, the wisdom that they, and countless others, shared with me has helped to shape this book. This is the first book in The Digital Money Series and we are currently working on others in the series.

Since then I have learnt so much from so many conversations that unfortunately it is impossible to thank each one of you by name – I hope you will recognize your contributions when you read the book!

 

The book is designed to help you to spot opportunities and gain confidence and insights to channel your work in a way that benefits you, and the markets you serve. It addresses multiple functional areas and levels: Chief Executives, Technologists, Business Development, Market Development and Product Development executives from Banking, Cards, Money Transfer, Telecoms, Payments, Technology, Retail, and Venture Financing Industries.

The digital money approach described in this book can help you create products and services that are secure, convenient and empowering to a whole range of consumers and merchants, across a variety of channels. The goal is to create a shift in thinking – from merely addressing the new opportunity provided by mobile phones, to launching holistic services that build solid brands.

 

My book is available on Amazon stores around the world, priced in local currency and immediately accessible as an Amazon Kindle download that works across Kindle for PC and a host of commonly used devices. In case it says “Pricing information not available” just look to the right of the screen to select the Amazon site in your country.

In the first 2 days that the book has been available I am delighted to say that it has already been bought from many countries around the world. Thank you so very much for your support and kind words.

 

Have you bought my book? I would love to have your feedback and can direct you to further resources that may be of interest. Do drop me a line at contact@shiftthought.com.

Q&A from our “Disruptions in Digital Payments in China” webinar

Thanks very much to all of you who helped us to make this live webinar (our first!) a great success. With representation from over 20 countries, we received a number of questions and were not able to answer all of them in the time available. The post below addresses these and we hope you will find this useful. There is never just one point of view, and we would love to hear your comments and your unique ways of approaching the questions. If you missed it, catch the free replay here.


Q1: Is it advisable to partner with a Chinese company when seeking to enter this market?

A1: In general you may not have a choice in this. The question is with whom to partner and how to set it up so as to remain in control. An example is Yahoo China and Alipay. In Jack Ma’s speech at Stanford on May 14, 2013 he mentioned that Alipay digested Yahoo – they simply ate Yahoo and would not have been able to do their P-2-P advertisement platform without that.

This is a great question and to do full justice would probably need a session in itself. As a guideline, it depends on your industry, your ambitions and the roadmap you plan. Suffice it to say that I have seen careers made and broken largely due to the manner of handling this issue.

Q2: In your experience what is the biggest threat to successfully entering the Chinese market?

Timing and partnerships. Possibly in no other market could I say more strongly that a 360 degree understanding and a watching brief is critical. You cannot afford to walk into this blindfolded without opening yourself and your company to high risks, neither can you afford to do nothing. Understanding, anticipating and planning are highly important. It is as important to understand Chinese culture and history as it is to deeply absorb knowledge of the payments ecosystem and timeline.

Products and services must be made fit for the unique expectation of the market. For instance the clean streamlined experience of Amazon is not what is preferred – online shoppers want a busy, “happening” website. Similarly, there is a very different online-offline-CSR engagement in the consumer journey that one needs to learn.

There is a window of opportunity that must be well understood. We have found that players who act too soon have faced problems. On the other hand due to the need for domestic partners, it is advisable to act before all the “good partners” are taken.

Q3: How stable is the regulatory landscape in China? Is it prone to sudden changes?

In general it has taken many years so far for changes expected and talked about to actually happen. For instance I recall I first studied proposed regulations for licensing third party payment providers way back in 2006. They actually came out in 2010.

Similarly it is not uncommon to have a mass rollout, big commitments and plans in a specific direction only to see it overturned (example RF-SIM). For players who have built these products specifically for the Chinese market this can represent a serious setback.

Q4: Who are the companies to watch in this space?

I touched on the main players in the China payments ecosystem during the webinar, so for those who have not heard it, it could be useful at this point to listen to the free replay here. Of course our 295 page “Digital Money in China 2013” viewport offers you the whole list of players, partnerships and initiatives with our best understanding of their importance and traction. There is so much happening in parallel and there is a high degree of cross-over. What we tend to do is to note how the payments gatekeepers are proceeding – CUP, CM, The big 4, the big 3 large PSPs and more.

Q5: What are the best partners to work with?

This depends on who you are and what is required by the regulatory environment. If you are to apply for a license there is a lead time involved.

A good example is Western Union’s recent thrust into China in partnership with ICBC and CUP.

Q6: How should we interpret Digital Payments in Hong Kong? How does the Chinese government and market incorporate the progress and regulation of that market?

The webinar only dealt with Mainland China. We plan a separate webinar that will address Hong Kong, China as well as other countries in the region. In general the approach is One Country, Two Systems. This is why Hong Kong, China has a critical role to play in digital payments relating to Mainland China. More when we tackle this topic. Please register on our website (registration is free, takes seconds, only requires an email address and provides you with much greater access to the overall content on our portal) so we can send an invite to you once plans are in place.

Q7: Would you clarify your definitions for "digital wallet" and "digital money", thanks!

The Digital Money domain has been described by Shift Thought™ as a way to understand the ecosystem, products, services and infrastructure involved in the digitisation and transfer of value. We use this term to refer to a host of financial services that use innovative alternative channels, technologies, providers and payment instruments.

For a full definition and understanding of our approach please see Blog #3: What is digital money?

The Digital Wallet domain has been described by Shift Thought™ as a means of understanding the whole range of stored value products aimed at digitising value and enabling the owner to utilise it in a way that offers a superior experience as compared to traditional payment methods. Services utilise an account and stored value or e-money that may be utilised across various channels and services. This includes prepaid cards, vouchers, mobile wallets, e-wallets and more.

Q8: Is there any real digital money in China (I mean digital money that is not dependent on bank account or credit card)? All mobile payments solutions are NOT based on digital money.

This is a good point. Please look at my response to Q7 on what is Digital Money earlier. We track an extended set of initiatives to do justice to our definition. However, specifically to answer yours, there is E-money that has been around for a while now. Prepaid cards, both open and closed loop, exist as discussed in our Webinar and covered in detail in our Viewport. More importantly, digital wallets and mobile wallets are very much in use.

You are right that all mobile payments are NOT based on e-money and a number of them require a connection to a bank account or card account. In the way we cover each of the 50 key initiatives on our portal, you’ll see our icon and descriptions that exactly show what payment instruments are supported for Senders and Receivers of each kind of service.

I hope this answers your question. Please feel free to reach out for a quick chat to discuss further. Also, this is not set in stone. We found an absence of accurate definitions in the marketplace and in those cases provided our own. Where possible we comply with the way in which CGAP, GSMA, Mobey Forum, NFC Forum and other key bodies and thought leaders already use these terms.

Q9: After utilising your China 2013 viewport, I also obtained your comprehensive Indonesia 2013 report. I noticed how in each country, both APAC members have approached and regulated differently - How would Shift Thought help a potential customer navigate these different markets?

That is a great question and thank you for the compliments on our viewports. Shift Thought is fortunate to have compared 19 different APAC countries in terms of regulatory approach as well as the predictor framework we use to project the growth of each of the 32 services we class as Digital Money.

We maintain a highly comprehensive knowledge base of regulations that impact on all these services, and understand how they may apply from each perspective. This, along with our deep understanding of player competencies puts us in a great place when we consult with large mobile operator, banking and money transfer groups in search of the right partners.

We’ll talk more on this in the Indonesia webinar. If you pop me an email on which countries you want to know about first I’ll consider this as we prioritise the webinars scheduled.

Q10: Charmaine - do you see an opportunity for mobile point-of-sale devices targeting Merchants in China much the same way that Square has addressed small Merchant needs in the United States?

Absolutely, and as is always the case in China, one of these providers currently cutting their teeth in the highest populated country in the world could well become a challenger to the Square, iZettle and the huge number of mPOS providers currently starting off from the East. But it’s not just China. We’ve seen very interesting and innovative approaches elsewhere in APAC. This blog is getting too large, maybe a separate post later?

Q11: Sub Saharan Africa population is forecasted to reach China's in 20 years. What similarities if any do you see between these 2 markets and what learnings can Africa derive from China now to foster further successes in the contribution of digital money to more financial inclusion of unbanked populations.

Wow, this is a biggie. Thanks for this great question and sincere apologies that I can’t do justice to all of this today. However, I put it the other way, what can China learn from Africa including sub-Saharan Africa? – That is the real question. As the access that people have differs, I’d like to do fuller justice to this in a later post.

Q12: Hi - how pervasive are contactless payments in PRC? Thank you

For all the years I’ve worked with China there has always been something planned – most were trials, pilots. The real progress is in terms of installation of POS that supports contactless payments and cards. Once that is in place and China has elected to support the NFC standard, the people who currently use smart cards for travel all across China could very quickly change their behaviour to use of a mobile device instead. So to answer your question, contactless payments by card are already surprisingly pervasive!

I hope you have found this post useful. Again, this is just my perspective and I would love to hear from you as that is when the learning process really gets enriched. Thanks for the wonderful outpouring of support to me and thanks for being a valued member of our little fledgling Shift Thought community. Together we can make things better.

Paying the price: A new regulatory framework for Cards, Internet and Mobile Payments in Europe

 

An extensive legislative and regulatory package has recently been announced by the European Union. In this guest blog, Jean-Stéphane Gourévitch shares his thoughts on the potential impact on the payments industry in the EU/EEA, and on possible new threats and risks for incumbents and opportunities for innovation and new entrants.

 


Jean-Stéphane Gourévitch has over 20 years of International and European experience at senior management levels. For more details see the full article on his website.

 

 

In July this year Commissioners Barnier (Internal Market and Services) and Almunia (Competition) joined forces to present an extensive Legislative and Regulatory package that will impact the payments industry in the European Economic Area, creating new threats and risks for incumbents and hopefully opening competitive opportunities for new entrants and innovators.

The package is organised around two key policy initiatives:

  • Firstly, a draft new Payments Services Directive (or PSD 2) reviewing the original PSD from 2007, to be adopted by the Council and the European Parliament.
  • Secondly, a draft regulation to be adopted by the Council and the European Parliament on interchange fees for card-based payments transactions that also contains a number of important provisions and changes relating to separation of activities of card schemes, consumer rights, and rules relating to card payments.

1. The New Payments Services Directive (PSD 2)

The revised Payment Services Directive brings a number of new substantial and important elements to the 2007 Directive but also retains key measures such as “passporting”.

It aligns the provisions, including those relating to security, fraud prevention and consumer rights applicable to all types of Payments Services Providers (PSPs), whether digital or non-digital.

It also reviews the definition of payments services to adapt these to new digital and mobile payments, opening new areas for competition. The Commission hopes the new Directive will promote the emergence of new players and the development of innovative mobile and internet payment services and solutions in Europe. They further hope this will improve the overall EU global competitiveness in these sectors. Member States will have two years after adoption of the Directive to comply with it.

2. The proposed regulation from the European Parliament and the Council on interchange fees and other fundamental changes

The Regulation creates a regulated area and a non-regulated area for debit and credit cards. The Regulation caps Multilateral Interchange Fees in the regulated area, as regards both Credit and Debit cards. It seeks to hold these to a very low level, first for cross border transactions and after 2 years for all transactions, including domestic ones.

Furthermore, the proposed Regulation introduces some major changes in the rules governing card schemes. It mandates structural separation between the different functions traditionally integrated. For instance scheme management, payments authentication and processing would be separated. This aims at injecting more competition by increasing transparency, protecting consumer rights and supporting innovative payments.

The European Commission hopes this package will be adopted by the European Parliament and the Council of Ministers and implemented before end of March 2014. It is an ambitious programme with potentially far-reaching consequences as part of an ambitious political agenda.

Can you get one step ahead of the regulatory curve and what would this look like?

 

I’ve been studying with interest the European Commission’s proposed new legislative package for payments and digital commerce in general. Clarifying the position with regard to mobile commerce and alternative payment systems is part of a trend we see around the world, where players had so far been operating in a relatively fluid state, with mobile payment services subject to reactive governance controls. This causes compliance confusion alongside both technical and strategic uncertainties.

And it will probably get worse before it gets better as no one is certain of the shape market convergence will take, how regulators around the world will react and what effect this will have on services.

Of course there is another way of looking at this. End user confidence (and therefore adoption) of new payment platforms and digital purchasing models will be dependent on the regulatory environment and many of the key issues regulators and policy makers are focusing on, including security, identity, choice, ease of use and fair pricing.

So could regulation and policy be used as a future indicator of successful business models rather than just as a compliance responsibility? And if so, how many organisations fail to look for and harness the opportunities that these standards and supervisory guidance could be highlighting for us?

If you analyse diverse and recent trends, throw some original thinking into the mix, and take a hard look at what is happening now in mobile payments and what the end-user experience could ultimately look like, then wouldn’t this give you an edge when forming your strategy or future-proofing your technology?

 

I think so and I’ll be exploring this in more detail at www.mobilepayments-rri.com in November.