At Infosys Cards and Payments, we help our clients harness the power of technology-led innovation across the entire payments ecosystem encompassing payment networks, merchant services, stored value, FI payment services, and payment aggregators. Our thought leadership and a design thinking approach helps us co-create solutions with our clients to address their business problems.

« January 2015 | Main | March 2015 »

February 19, 2015

Do we really need cards for payment?


Payments have been in practice since very early signs of trade. In ancient days, people used to exchange their goods during trade. This barter system served the purpose for many years. Later on coins were used for purchasing goods instead of some other goods. This way of trade using coins aimed at creating uniform value for "goods" in constant denomination. This practice has still been used by entire humanity today; however mode of recognizing and realizing value has been constantly evolving.  Payments were made using coins, currency notes till second half of 20th century. Towards end of 20th century there have been radicle shifts in this space. People started using paper cheques, drafts, pay orders and other form of paper instruments in addition to currency notes and coins. With evolution of internet, e-payment took preference where no paper is involved as instrument to exchange money. At the same time plastic cards started making entry in the world of payment.

In 21st century technology evolved at exponential pace. It affected payment industry as well. Today it's very common to use your mobile smartphone or wearable device like watch to pay for your coffee, order latest fashion clothes, daily needs, on highway vehicles need not stop booth to pay toll, vehicles pay parking fees on the go. These are just few examples of recent innovations in making payments. However great innovations come with great risk. Focused efforts are required to overcome these risks. Since money has transformed itself to electronic and mobile formats, burglary also has respective versions. It's apparent that authentication and authorization played critical role in ensuring data security. Authentication and authorization techniques evolved during recent time from single factor to multi-factor authentication. Medical advancements in research helped creating biometric authentication technique which is difficult to break into. Thus combination of various advanced researches are being explored today to make payment secure, easy and reliable.

Biometric techniques are currently being used to confirm authentication of payer for the mode of payment in question. For example, user's card has a slot for placing finger of his/her credit card, once user touches this slot and uses card, card can be used to initiate payment. Later on user uses chip and pin mechanism to complete the transaction. If user do not touch the fingerprint pad before card is inserted into to POS terminal or some other user tries to process this card, transaction is not processed successfully and alerts were sent to various parties assuming fraudulent transaction. Such technology is being evaluated by leading network companies today. In all these examples, one thing is common - multi-factor authentication for payment initiated by traditional mode like credit card. Underlying assumption is unique biometric identity helps us ensure, person initiating transaction is owner of the card. There are reports of using ECG or vein pattern in lieu of fingerprints.

In addition to authenticating person, biometric uniqueness has potential to eliminate plastic cards to initiate payment. This method will further strengthen payment processing making it more secure from theft or fraudulent usage. In proposed ideal scenario, card issuer will register card holder's fingerprint and link it against card account. Acquirer will provide merchant with POS terminal which has fingerprint reader. When card holder makes purchase, card holder taps his/her fingerprint to scanner at POS terminal. In this transaction initiation, information that will flow over network is purchase details and biometric identity. Issuer will further decode biometric id to card account and provide authorization. Since biometric fingerprint scanned at POS cannot be faked, authentication process can be saved if perfect match of scanned image is found with issuer. This way payment can be made in scenarios where typically card is swiped for in-store purchases. If fingerprint scanning mobile application is made available by merchant, mobile purchases can also come in this purview. However it will not yet be useful to online purchases. Still mobile and in-store purchases can cover more than 50% of card transactions.

February 12, 2015

Thiel's Zero to One - reflections on potential payments game-changers

Recently I read Peter Thiel's Zero to One: Notes on Startups, or How to Build the Future. It's a must read for change makers (not only for startup founders) even if we do not agree with all the extreme ideas he shares. Here I share some key ideas which may be relevant for the future of Payments business. 

Secrets, moving from Zero to One, 10X improvements, Last mover advantage: 

'We wanted flying cars, instead we got 140 characters', famously said Thiel. The point is technological progress and long term thinking has slowed down in recent times and most are just trying to build a product with incremental improvement. Another mobile wallet, another loyalty engine, another card product with some better features. One bold statement of this book is 'If you want to build a better future, you must believe in secrets.' You must find out a secret which helps you build a product at least 10X better than the incumbent product available in the market (which he calls a transition from Zero to One rather than One to n).Without an order of magnitude improvement you can't expect mass adoption - this is the problem why mobile wallets have not gained mass adoption in US (at least till ApplePay which may change this game). He also thinks first mover advantage is over hyped, generally we see 'last mover' advantage like Facebook or ApplePay where the winning product is not the first one in the market but a uniquely designed product with best user experience.  

Ruling an under-served market and creating network effects (monopoly):

Thiel believes in creative monopoly - new products that benefits everybody and generates sustainable profits for the creator. In his word, 'Competition means no profits for anybody, no meaningful differentiation, and a struggle for survival.' Case in point-mobile credit card readers - with so many players like squareup, PayPal, NetSecure, Intuit we clearly see imitative competition does not work. So the way to go is to start small with an under-served market and create monopoly (think mPesa rather than another valley based mobile wallet start-up). Another recent example of creating successful network effect is UK based Paym - with successful partnerships with banks and other ecosystem providers they have created a uniquely designed product which has received mass acceptance.

Design thinking, you are not a lottery ticket:

Long-term planning is undervalued in an indefinite short-term world. Apple created multi-year plans for designing and promoting beautifully designed products without experimenting with multiple 'minimum viable products', getting market validation and trying random things -the rest is history. Thiel thinks we need a culture change for making better future - instead of diversifying your resources and hoping/praying for a lottery win we should all design our lives, our companies, our products.

As I told before you may not agree to all his ideas but if you are trying to make some epoch-making changes you need extreme ideas. And success is not always luck - think PayPal, Facebook, Palantir...  

February 5, 2015

Chip and Pin cards are safe, are they?


Card payments are, now-a-days, very common mode of payment. Cards have changed their forms from magnetic stripe cards to chip and pin cards, in many countries. Major driver for this transformation of cards was transaction safety. There were many occasions where magnetic stripe cards failed to ensure authentication of cardholder, during transaction authorization process. These frauds were result of either leaked information or stolen identities of magnetic stripe cards. To control these issues, EMV came up with chip and pin cards. This innovation has given card issuers ability to execute processing logic at the card reader itself, thereby reducing online verification traffic and providing better authentication of cardholder at point of sale. It transmits encrypted information that is hardly of any reuse for purpose of making fraudulent transaction, even if it is intercepted. Issuers are mostly under impression that once they implement chip and pin cards, they are safe. However did it serve purpose of eliminating frauds? Probably not. Frauds are still reported by cardholders on their chip and pin cards. At several incidences banks have even declined claims of frauds on chip and pin cards, leaving card holders in a fix.

Success of transaction security in this case, lies in how encryption algorithm is implemented at card readers. The weaker and predictable the algorithm implemented at card reader to generate session key for transaction, the more vulnerable is the card. Unfortunately, neither issuer nor card holder is at fault, if encryption algorithm gives predictable session keys. But consequences of such weak encryption, leaves cardholder at mercy of his/her luck. It potentially makes entire investment in modern card processing infrastructure look like unworthy. Hence it is very important to have strong and unpredictable encryption algorithm for card reader to actually, justify the huge investment that went in.

Subscribe to this blog's feed

Follow us on

Blogger Profiles

Infosys on Twitter