At Infosys Cards and Payments, we help our clients harness the power of technology-led innovation across the entire payments ecosystem encompassing payment networks, merchant services, stored value, FI payment services, and payment aggregators. Our thought leadership and a design thinking approach helps us co-create solutions with our clients to address their business problems.

« December 2014 | Main | February 2015 »

January 29, 2015

Internet of Things (IOT) - Beginning of an Connected World

Changing World:

Please take a short journey with me... It is a cold winter morning. You have got an important meeting in office. Based on your calendar watch updates new alarm time and wakes you up to be on-time. After fresh-up, Dirty clothes are added in the washing machine. Based on the alert from utility (electricity firm) on the expected hourly tariff for the day, washing machine self-selects the lowest tariff and washes the cloth and dries it up. You were in so much in hurry that forgot to switch-off lights, Smart lighting ensure lights are OFF when no-one is around. Vehicle is pre-started, heater is ON, route pre-selected (calculated based on real-time traffic data, climate) and ready to be driven.

On-the-way to office, you stopped by to drive-in restaurants, food was ready to pick-up and payment was done via your watch. Surprised!!!, You reached office ahead of estimated arrival time and delivered your key presentation with piece of mindJJ.  Welcome to the new "Connected World", that is going to take away most of the assumed in-efficiencies from your daily life...

"Internet of Things (IOT) - Beginning of an Connected World"

IOT in simple terms can be expressed as Connect "Things" (physical objects) to Digital World. IOT is slowly shaking other industries that were not part of the digital wave.

Key Components are -

·         "Things" such as wearable (shoes), electricity meters, farm land, Car etc;

·         "Connect" with the help of Telecom Network and short distance communication protocol - Bluetooth, ZigBee, RFID etc;

·         "Monitor/Control" with the help of Sensors, GPS, vehicle telematics etc control/monitor physical objects.

·         "Insight" - With the help of Big data / Analytics, create meaningful insights that can be consumed by firms to meet End-Consumers needs

Key drivers of IOT are

1)     ·         continuous standardization of hardware and software components resulting in lower prices

·         Need for efficiency in other sector

·         Increased focus on Mobility and Cloud computing

·         Matured Big Data /Analytics based solutions

Financial Institutions always were at the forefront of adopting new technology. Now firms are trying to leverage IOT. Consumer is surrounded by many physical objects and if payments are embedded on those objects and acts as per consumer wish and without using card/cash/smartphone, it will empower consumer. Having said this, a seamless experience will be a key success factor such as payment via wearable watch w/o any need to enter PIN repeatedly.  In this IOT journey, FI's will be able to understand their customer better, clearly segment them, will allow them to truly customized products for every consumers to reduce consumer churn, increase loyalty, coupled with improved efficiency, resulting in more top-line and bottom line and different brand experience.

 Gartner predicts Internet of Things installed base will grow to 26bn Units by 2020 and generate $1.9 trillion in global economic value-add. To bring IOT in mainstream, partners across the value chain, standard and easy integration and self-sustaining ecosystem to facilitate interaction between discrete objects from various manufacturers, service providers, aggregators, enterprises, without any privacy breach otherwise IOT may just become another buzzword without making any positive impact in our life..

Loyalty Trends in 2015

Loyalty Marketing has been a constant space for innovation and has undergone various reforms in past few years. The changing market space, customer demands, competition etc. have warranted continuous upgrades in technology and marketing strategy in Loyalty Domain. 2015 can see enhancements in existing strategy and also new technology, to Attract - Engage - Retain customers. While customer remains the focal point in Loyalty Marketing strategy, the means to reach out and close a transaction can be the primary focus in upcoming year. 

Marketers have realized the essence of Immediate Gratification towards customer as this brings in high percentage of repeat purchase. A 'Now over Tomorrow' approach can be the mantra for Loyalty marketing strategist to make the customer feel special. Anticipatory Marketing can outdo the traditional 'Wait and Watch' approach, wherein Big Data Analytics can be used to predict customer purchase behavior and provide tempting products, every time the customer logs in to the shopping portal. Over past years we have observed that as long as the value of data exchange is enticing, consumers are willing to allow brands access their data. Therefore marketers will to move beyond basic segmentation to offer truly personalized experience.

On the technological front, integration of various technology will remain a major TO DO for loyalty marketers. Highly integrated systems are bound to provide more personalized experience towards the customers. Geo- Fencing is another exciting area which will gain momentum, using GPS technology to track and offer real time offers/rewards to customers. Enriching online experience and connecting with customer via Chat engines can also be areas where marketers can focus upon.

Although the above mentioned points can be some new variation in the Loyalty marketing strategy, Loyalty Marketing in 2015, will mostly be influenced by the below accelerators.

Blog - Pic.jpg

Leading organization are already convinced that Loyalty Marketing is not only a platform to retain customer, but also is highly profit making. Therefore in 2015, we can expect exciting innovation towards both technology and customer attraction/retention strategies.

January 16, 2015

Card Numbers - Are they really a necessity?

I was recently cleaning up the mess in my wallet when I saw the number of cards that I had. I had a look at the cards and I don't even remember using them for quite some time. That was when I started asking as to what is the requirement for a card number, when I did not even remember even one card number.


Then what is this fuss about card numbers. Do we really need to have card numbers to transact on our cards? Coming from a Risk Management back ground in cards, my thoughts moved towards the risk aspect.


As per the information provided by Smart Card Alliance, e-commerce growth has been steady and is likely to continue with the upward trend for some time. The reason for the growth has been the increased feeling of comfort amongst the consumers with shopping on the Internet, as businesses continue to innovate. Smart Card Alliance estimates that the sales on internet could exceed another $200 Billion only through Card Not Present Transactions.


As per a report submitted by RSA, Card Not Present (CNP) credit card fraud in USA alone has increased from $2.1 billion dollars in 2011 to an estimated $2.9 billion in 2014. This figure is expected to go up by more than 100% in the next 3 years.


These is not a solution in the short term, but as per me can help in reducing online fraud and phishing as what a person doesn't know or has not access to is not going to harm him/her.


One of the major factor that I consider in online fraud is the easy access to information that is required for online transactions. Card number, expiry date and CVV value is easily available on the card. What is the requirement for having critical information on the physical card? What would happen if the card number and CVV value is not present on the card?  What if the customer has no idea as to what the card number or his card's CVV value is? What if the card number is to be used only for the Bank's internal use rather than giving the customer this information?


The next thought that came to my mind was how would a customer do internet purchases, if he has no card number or CVV value? Today on most of the websites, the customer has to key in his card number, expiry dates and CVV number to get an authorization for an online purchase. What if online purchase was modified to route the transaction to the customer's internet banking site, which has a secure log in. Once the customer logs into his internet banking site, he accesses a secure module, which can be activated through an OTP through his registered cellphone with the Bank. Once he enters the secure module, the customer gets to see the list of cards that have been issued to him, the card information in the secure module could be just the first and last 4 digits of the card and the remaining digits being blocked out. The card product can also be described to make the selection simple. The card in this secure module is to be linked to the card CVV which is not visible, but is sent across for authorization when the customer selects the card for transaction.


Most of the banks have moved away from the age old method using card numbers to access internet banking to using specific ids. So card number becomes irrelevant in these instances also. Another thought which came to my mind is in terms of customer service. If a customer needs to call up customer service to find out details of his card or any other action on his card, how can he access or provide information without a card number. Banks will have to start looking at solutions to handle this. One of the method that comes to my mind is multi-variable identification of customer using different information like date of birth, id number etc. With most of the countries having a unique id for citizens and a passport id for non-residents for their banking records, this information can be used along with the date of birth to trace the customer information rather than the card number.

January 15, 2015

Open Source Data Analytics Software for Payment Processing Companies- Is it viable?


Payment processing industry is a highly sophisticated industry that employs best in class IT solutions for supporting various business processes.  Enabled by advancements in technology, the industry is seeing innovation in terms of new products offerings like Mobile Payments, Digital Wallets etc. This industry also needs to comply with several regulations like PCI-DSS, SOX, local country regulations etc.

Paradoxically, this industry suffers from the lack of sophisticated approaches and platforms to analyze business data to help make better business decisions.

Does advocating the use of open source tools for data analysis in a technologically mature and highly regulated industry make sense?

We have heard of the oft repeated disadvantages of open source software in terms of steep learning curves, compatibility issues with existing infrastructure and lack of dedicated support juxtaposed with the advantages like near zero licensing fees, continuous and real improvement due to quick-turnaround for bug fixes and patches, lack of dependency on the company that originally created the software and availability of source code to the IT team.

There are several Open source data analytics tools, visualization programs and languages like R, Talend, JasperSoft, Pentaho, SpangoBI etc. available in the market. Many of these softwares are used extensively by companies in various industries. At the same time, several Data Analytics software offered by traditional vendors are also available in the market.

The one thing to note is that for data analytics, 'one size fits all' logic doesn't apply and every organization has a different philosophy and approach towards the data analytics function. Moreover data analytics function can be a potential source of competitive advantage and hence it is unlikely that it can be fulfilled by a COTS product.

Moreover the analytics function is internal facing and thus likely to be immune from any external regulations making it a good option for open source software.

Analytical solutions usually need to evolve over a course of time so that they can adapt to the changing needs of the organization. In such a scenario, it makes sense to adopt an Open Source tool which comes along with the source code making it easier for IT teams to tweak, modify and extend the solution to make it truly beneficial to end users.

The Go-No Go Decision wrt. Open Source Data Analysis software can be summarized in the following matrix:


Consider Open Source

Consider Proprietary

S/W Orientation

Internal Business Users

External Customers

Propensity for Change



Governed by Regulatory Compliance



Requirement of External Support



Intent to extend existing solution




One good approach to utilizing open software is to choose a 'subscription based' version of the open source software. Such an option comes equipped with essential security features, dedicated user support, bug fixing, consulting, training services etc. making it compelling offering with respect to a proprietary competing software.

January 8, 2015

Tokenization as a service

Advancements in technology have penetrated our day-to-day life and impacted many areas such as healthcare, finance, payment, shopping, and driving, to name just a few. Automation is no longer a concept restricted to technology labs but has already entered the mainstream in the form of automated teller machines, automatic cars and automatic call recorders. Receiving personalized alerts on your watch warning you about overeating, lack of physical activity, increase in blood pressure or heart beats is not a fantasy in a James Bond movie anymore. Today the world is not just connected but also connected more meaningfully than a decade ago.

Though technology has been making life easier and simpler, its misuse, especially by hackers and cyber criminals, eclipses the advantages at times. Millions of data records including personal and financial details of customers and payroll information of employees are being stolen from employers as well as service providers such as financial institutions and retailers. Technology experts and leaders have been tirelessly working on making data storage and transfers more secure.

These relentless efforts have resulted in new hardware as well as software products like Intel's 'secured intelligence inside' or Apple's well-advertised 'ApplePay tokenization'.  These products indicate the seriousness of industry leaders in ensuring secure data transfers without compromising on ease of operation and speed. While hardware security still has boundaries and is under the complete control of the manufacturer, this is not the case with software. Let us take a closer look at 'tokenization' which is extensively used as software security tool, today.

In the field of data security, tokenization is, to put it simply, substitution of sensitive information or data with non-sensitive data. Typically, tokenization is used to create dummy information which makes no sense to trespassers and unauthorized users. After reaching its destination, this information can reveal the exact original identity or message.

Not a new phenomenon

 As history indicates, tokenization has been around for centuries. Kings of yore and political leaders of different parts of the world have been using encrypted messages to share secret information. This method proved to be a suitable form of tokenization in that era. Later, trading with gold and silver coins was converted to paper-based trading where a paper token like a cheque or a draft represented the transaction amount and could be exchanged for actual money. In fact, today's currency notes also began as promissory notes representing an equivalent amount of money and slowly turned into a form of money in their own right. Casino chips are an example of money changing identity in the context of a game. These examples only represent change of identity of the original amount without hiding the actual value of the money.

In the digital era, tokenization has achieved a much higher sophistication, creating unrecognizable data identity for sensitive information. This sensitive information can be an identity of a person, an account number, transaction details, a combination of all or even a string of information units like a uniform resource locator (URL). A common example of such ciphering is the 256-bit cipher algorithm used in Internet Explorer.  This algorithm converts the URL and the information that goes with it into a string of bytes. The original form of the URL is extremely difficult to decipher and to arrive at in a fraction of a second.

Gaining importance

A few key standards currently being used in the financial industry are:

·         The Payment Card Industry Data Security Standard  (PCI DSS) provides "an actionable framework for developing a robust payment card data security process including prevention, detection and appropriate reaction to security incidents."[1]

·         American National Standards Institute (ANSI) oversees the creation, dissemination and use of various norms and guidelines that directly impact businesses in almost all sectors.[2]

·         Europay, MasterCard and Visa (EMV), a global standard for inter-operation of integrated circuit cards

Institutions such as RSA, VISA, Mastercard, EMV Co and American Express already have their own tokenization mechanisms which are proven in the financial systems domain. Today, these players are acting as aggregators for various banks in the transaction banking space. They are also creating innovative techniques to make financial data transfers increasingly secure.

With the growing penetration of 'Internet of things' (IoT), non-financial sectors are also inclined towards creating an ecosystem for secure communication. The growth of cloud-based solutions has also fueled the need for secure data transfers. Strong and secure tokenization techniques are becoming the focus of all businesses.

The future of tokenization

The changed outlook towards security, privacy and data protection has prompted business leaders to think of tokenization as separate service. Businesses are looking for more efficient means of data security and if leading security experts provide Tokenization-as-a-Service (TaaS), it can end their quest for information safety. Security providers can focus their efforts on tokenization based on high-level market segmentation providing it as a service for the financial and non-financial industries. Aggregators like VISA, MC and AMEX are in a better position to host TaaS for businesses because they can ensure:

·         Focused efforts to develop secure algorithms

·         Cost saving by avoiding the re-invention of the wheel

·         Faster penetration and greater adoption with the existing customer base

·         Central risk mitigation

The VISA chief executive has already indicated the company's intention is to be an aggregator for token services. Given the growing awareness about data security, it will not be long before aggregators start creating specialized Tokenization-as-a-Service offerings to address the concerns of business.




January 5, 2015

Regulatory Spending - Can we manage it more effectively?


Regulatory compliance takes one of the largest share of IT spend in Financial Institutions (FIs). Regulatory spending is seen as a necessarily evil and with increasing frequency and diversity of regulatory changes it makes sense to relook at the way we plan regulatory compliance budget. Here are few ideas FIs can explore to effectively manage the regulatory compliance budget:


1.     Start early, think long term and plan proactively- Most FIs follow a wait-and-see approach till it is very late to effectively manage the regulatory compliance. Leaders and Subject Matter Experts (SMEs) should be involved very early to plan the migration approach so that it does not become a pain to meet the deadline. Our SEPA experience shows that late start increases risk and eventually cost of quality.

2.     Involve all key stakeholders and Exploit synergy - We are seeing overlapping regulations in local, regional and global level. Unfortunately many FIs are addressing them in silos without exploiting the synergies to reduce Total Cost of Ownership. Our suggestion will be to categorize the regulations in key themes and whenever possible address them collectively in terms of Enterprise Architecture, Program Governance etc. One example can be AML/KYC regulations which can be better managed if we address the global and country specific compliance needs in a collective manner. We also feel FIs should create Program Management Office/Center of Excellence involving all stakeholders (Tech, Business, and Legal etc.)for addressing key regulation themes so that it becomes easier to address any resourcing bottlenecks and conflict of interests.synergy.jpg

3.     Monetize the opportunity - All regulations try to solve specific market problems. FIs need to think beyond compliance and try to exploit any opportunity it offers. Case in point SEPA - SEPA offers huge benefits of market expansion, standardization, rationalization and process simplification. But unfortunately very few FIs/Corporates have monetized those opportunities as their solutioning were only confined to addressing the compliance.

January 2, 2015

Case for promoting responsible spending


When credit card was introduced people started spending more than cash. Payments is attributed for lot of shopping cart abandonment - we all hate paying for things. With the new trends to make consumer payments process invisible (passive payments) the hope is consumers will feel more at ease and spend much more. With Social-Local-Mobile (So-Lo-Mo) targeted offers, gamification and predictive analytics we will probably see lot more customer spend - and sometimes spending for unnecessary stuff beyond our means. I don't need another mobile phone - but my credit card has a 20% off offer (also I can pay in installments) if I spend more than $200 and then this model is the latest trend in market (all my friends have it). We all have faced similar situations before and this is the big conspiracy theory of consumerism.


More spend in credit card is generally good for the Payments players (Card Networks, Issuers, Acquirers, Processors etc.) and for the merchant. But there are cases where it may not be good for Issuers and consumers. You make a big spend but could not pay for it - ultimately it is losing proposition for both you (credit score hit, legal issues etc.) and your card issuer (credit loss, pain of collection etc.). I want to make a case for responsible spending and reminding customers in those specific scenarios. As a consumer you are close to touching your credit limit or late on payments in past balances - card Issuer should remind you real-time basis to validate if the purchase really make financial sense considering the situation you are in. In the long term I think responsible spending helps everyone even though in short term that may be bad for few players. Responsible spending helps society by allocating resources properly without going through boom and bust.

January 1, 2015

Can technology clean the dirty side of payments business?


Payments could have been as simple as exchanging emails. I want to pay you in exchange of some service or goods, I know your 'payment address' (account number, mobile number, email or any other identity) and I send the payment. Payments could have been made free if it were that simple (the minimum operational costs could have been covered by revenue from transactional intelligence for targeted offers etc. - the way any email service works).

Unfortunately Payments have an ugly human side which is very costly - collecting debt from consumers and merchants who are bad actors. Yes, I am talking about loan collections and chargebacks. There will always be consumers who cannot or will not pay on time and there will be huge amount of effort (in mass scale) wasted to push them to move to a payment plan or ultimately waive it off as bad debt. Similarly there will be merchants who will not service the customers properly and payments companies will have to investigate and claim chargeback for their customers. All these cost huge resources for payments companies. On top of it we have other operational and compliance overheads such as Payments Fraud, Money Laundering etc. which are huge reputational risks as well.


Can the latest technologies help payment companies tackle these ugly issues and lower the cost? I think it surely can and will be the next opportunities. Few areas where we can see most traction in future are Tokenization, Predictive Analytics, Machine Learning, Big Data, Internet of Things (IoT) and Fog Computing etc. The way we assess Credit/AML risks today are very limited - in future these analytics technologies can help us link many unrelated incidents which can uncover many risks on a near-real-time basis. With IoT and Fog Computing we can have built in Intelligence in devices to reduce frauds and false claims. The opportunities are limitless...

Subscribe to this blog's feed

Follow us on

Blogger Profiles

Infosys on Twitter