Article | August 18, 2021
At my current company Monizze, we issue social vouchers, like meal, eco and gift vouchers. These vouchers are consumed using a specific Monizze payment card via a physical terminal. As a result, I come into contact with card payments on a daily basis. Unfortunately, I am still far from being a card expert, but along the years I can say I have built up a good basic understanding of how a card payment happens. As I had to collect information from different sources to get this first good understanding, I thought it might be interesting to share my summary for "dummies" of how card payments work.
First let us have a look at the card itself. A card is just a plastic carrier on which a design is printed. Afterwards a chip (an embedded microprocessor) is attached to the card, on which 1 or more applications can be deployed. A card with such a chip is often also called a smart card or an EMV card, with EMV an abbreviation for "Europay MasterCard VISA", which are the 3 companies that originally established this global electronic transaction standard. A card does not need to have a chip, some cards only have a bar code or QR code on them, while others have a magnetic stripe. Obviously an EMV chip card is more secure than those other models.
Most EMV chip cards today are Dual Interface chip cards. This means the card can be used in both contact (i.e. the card is put in the terminal to read the chip) and contactless (i.e. the card communicates via an NFC antenna with the terminal) mode.
This should not be confused with co-branded / co-badged cards, which exist quite a lot in Europe. As many countries still have their local payment method (like Bancontact in Belgium, Girocard in Germany, Cartes Bancaires in France, PagoBancomat in Italy, MultiBanco in Portugal…), most banks in those countries issue such a co-badged card, which supports both this local payment method and a more international payment method. E.g. in Belgium almost all debit cards are co-badged with Bancontact and Maestro (Maestro being an international payment method owned by MasterCard).
When fabrication of EMV chip cards starts, all cards are the same. Of course by printing the design on the card and personalizing the card (with the name, card number…) you get a specific card. Additionally there is a personalization of the EMV chip. On the chip the specific application(s) of the card is deployed, as well as the specific personal information. This personal information stored on the card consists of the card number (also called the PAN number = Primary Account number), the expiration date, a security code (also called CVV = Card Verification Value or CVC = Card Verification Code), a number of cryptographic keys and the list of CVM checks (CVM = Card Verification Methods). This list indicates which type of security check should be applied and can depend on the type of payment (e.g. contact versus contactless), what the terminal supports and the amount. E.g. the CVM list can indicate that a contactless transaction can be executed up to 50 EUR without asking for a PIN.
The cryptographic keys ensure the necessary security. E.g. they are used to calculate a cryptogram (based on one of the stored secret keys and the info of the transaction), which is sent along to the issuer. The issuer can then verify that the transaction message was not altered along the way by calculating itself the cryptogram and comparing it with the provided cryptogram. In the same way, it is possible to encrypt a PIN code and send it to the issuer for verification. The PIN code can be stored on the chip and verified by the chip directly. This so-called PIN offline verification is however only possible when the chip can be read by the terminal. In case of a contactless transaction requiring a PIN, card issuers usually work with PIN online, which means the PIN is sent in an encrypted way to the issuer, who verifies the correctness of the PIN, before authorizing the transaction.
The information on the chip of a card can also be virtualized. This means that instead of the card sending the NFC signal (in contactless mode) to the terminal, it is also possible that your smartphone sends out this signal (and emulates the card). This can be a specific app, using HCE (= Host Card Emulation), but this technique is only available on Android phones, as Apple does not give access to the NFC antenna. A more common technique is of course Apple Pay and Google Pay, where you onboard your card on the Apple/Google infrastructure and your smartphone emulates the physical card.
Now that we have clarified what the card does, it is good to have a look at how a payment works.
The first step is of course telling the terminal (POS = Point of Sales terminal) how much the customer needs to pay. This can be inputted directly on the terminal, but large retailers have of course an integration with their cash register (= ECR = Electronic Cash Register). This integration allows to pass immediately info like the amount, which card types can be accepted (cashier can select a specific payment method) and potential other reference information. Obviously, a lot of cash register systems exist (e.g. Lightspeed, Square, Casio, Toshiba…) and also a lot of protocols to integrate ECRs with terminals (e.g. VIC protocol) and finally also a lot of different terminals (e.g. Wordline, Ingenico, CCV, Adyen, SumUp, VIVA Wallet, Cetrel, Loyaltek…). All these differences make those integrations quite a mess.
The terminal will then read the card (contact or contactless) and determine which verification methods need to be applied. Once the verifications on the terminal are ok, the payment is sent to the Acquirer (often the merchant’s bank), which sends the payment to the Issuer (usually the bank of the card holder, which issued the card). This Issuer validates if the card is still active, if the PIN code is correct (in case of PIN online), if the customer is allowed to do a transaction at this merchant (e.g. card might be disabled for foreign transactions) and whether the customer has sufficient funds to execute the payment. In case of a positive reply, the payment is considered as successful, even though the actual settlement will usually happen later. This settlement consists of the acquirer requesting payment to the issuing bank, the issuing bank debiting the cardholder’s account and transmitting the money to the acquirer bank and the acquirer bank crediting the merchant’s account.the cardholder’s account and transmitting the money to the acquirer bank and the acquirer bank crediting the merchant’s account.
For the communication between the terminal, acquirer and issuer a "Payment Network", like VISA, MasterCard, American Express, UnionPay, Bancontact… is used. This payment network sets all the rules of how these different players should interact. Additionally there are multiple protocols of how terminals can communicate with the Acquirer, like CTAP, EP2, Nexo (EPAS), IFSF, STD70, ABI-CB (Italy)…, making it for international players very hard to support all local payment methods.
It is also important to understand the difference between a "Four Corner model" (also called a Four-Party scheme, Open Scheme or Open Loop payment model) and a "Three Corner Model" (also called a Three-Party scheme, Closed Scheme and Closed loop payment model). The first model is the model described above and is the most widely used. E.g. VISA, MasterCard and UnionPay use this model. In the second model ("Three Corner Model"), the issuer, acquirer and payment network are the same party. This means the payment network provides the card to the card holder and contracts with the merchant to configure/setup the terminal. Typical examples are Diners Club, Discover Card and American Express, but often also niche payment methods, like the social vouchers (e.g. meal voucher payments) of Monizze fall in this category (even though in many countries, social vouchers are also handled via an "Open Loop" model based on VISA or MasterCard).
As you can see a card payment involves a large number of parties. While cash registers and terminals are bought or rented by merchants and typically include also a monthly service fee, the other players are usually paid per transaction. The Acquirer will recover those transaction fees from the merchant through a "Merchant service charge". The Acquirer however keeps only a small part of this fee, as around 20% of this fee (the so-called scheme fee) is going to the payment network (e.g. VISA or MasterCard) and up to 70% (the so-called interchange fee) to the Issuer. Part of this interchange fee is often used in the form of rewards (e.g. cashbacks) to the customer, thus encouraging the card holder to use his card as much as possible.
Card payments are clearly undergoing a major transformation. On the one hand, there is a strong push towards a cashless society. This trend, strongly accelerated by the Covid crisis, increases the use of card payments. On the other hand, there is a trend to replace the physical cards by payments with smartphones. This includes the exponential rise of the use of Apple Pay and Google Pay, but also new payment techniques, often based on QR code scanning (like e.g. Payconiq in Belgium).
Additionally due to the aggressive take-over strategy of the 2 major American players (VISA and MasterCard) in the last decade, there is a strong feeling, especially in Europe, that there is need for more competition and a new European player. As a result, several large European banks are joining forces to create a European alternative. It is however doubtful that this new initiative will be successful, as new technologies and payment methods, like PSD2 Payment Initiation, SEPA Request to Pay (SRTP), instant payments, CBDCs… can likely give better (more frictionless and cheaper) alternatives to the traditional card payment schemes.
Article | August 18, 2021
For many years, payment terminals have been a vital tool for businesses that complete their customer transactions in-store. The familiar hand-held devices have reliably taken card payments and offered simple additional services like mobile phone top-ups, cashback or electronic tipping solutions.
However, with recent technical innovation, boosted by the urgency surrounding Covid-19, the humble payment terminal is shedding its hard exterior - no longer is it, as some would argue, simply a commoditised, hardware-based necessity. As many within the payments space have predicted, the payment terminal is truly becoming a digital enabler and vital pivot point of modernisation for any business that accepts electronic transactions.
The Android Operating System leads the way
Today, payment terminals come in many forms. Though the traditional, handheld counter-top devices remain, many businesses now use off-the-shelf smartphones or tablets enabled with SPOC and CPOC technology.
Regardless of their physical form, truly modern payment terminals share a commonality – enhanced functionality which allows businesses to update and adapt quickly to changing performance, environments, and customer needs.
The Android operating system has been at the centre of a latest wave of innovation, facilitating the rise of mobile payment devices - pushed hard by the likes of Visa - and supporting the budding versatilities presented by Open Banking and PSD2 initiatives.
Combined, this new choice and flexibility has the potential to deliver significant advantages to businesses deploying Android point-of-sale (POS) solutions. These include integrated EPOS, strong authentication, and an array of alternative payment methods such as bank-to-bank payments, QR codes and even crypto currencies.
It’s about more than being just Covid-ready
Getting the timing right to make adjustments and improvements is now a focus for businesses across the UK as we start to emerge from Covid-19 restrictions and resume face-to-face interactions. The conventional payment terminal can play a central part in engineering the essential adjustments needed to create a Covid-safe environment – the new £100 contactless limit being the most obvious example.
However, functionality provided by the latest payment terminals allows businesses to do more than just make their premises Covid-ready.
For more commercial gains, payment terminals running on the Android OS allow for this same POS functionality but combine it with other essential business systems such as stock management, visual itemisation, and centralised booking systems.
As well as providing greater visibility of a business’ health and finances, more information also means friction points such as wait times and queues in store can be better managed. More data about customer behaviour also makes the in-store experience more customisable, for example, businesses can use this data to identify their busiest periods, explore seasonal changes or test new product lines and structure their staff planning and stock levels accordingly.
Coupled with more vital operational efficiencies, payment terminals can allow for a speed and flexibility of payments that can directly enhance the bottom line.
As the pace in retail environments ramps up to match that of the pre-Covid days, meeting new customer expectations and new environmental changes will be critical in staying relevant. An ability to accept the latest types and methods of payment could actually play a part in helping a business survive through difficult economic times.
Bolstering cash flow will also take on added importance as businesses rebuild. Payment terminals powered by better internet connections mean transactions are already faster, but internet speed alone is not enough. Today, terminals can be updated in ways that allow merchants to process those transactions faster still and get funds deposited into bank accounts in batches throughout the day, often completing within the hour.
Payment terminals and Big Data
With data becoming the bedrock of all modern businesses, it is the Android operating system’s ability to generate such an impressive wealth of data that adds to its compelling proposition. The value of Big Data and analytics to filter large volumes of information and uncover actionable insights is well known to the business world. Useable information can help leaders learn about their customers, make better decisions and, ultimately, produce more revenue. Customer data, for example, makes it possible for a business to learn about the buying behaviours of an individual customer or of defined customer segments.
When a business knows the time of day (or night) their customers shop and what type of purchases they make, it becomes easier to plan when inventories are stocked and with what items. Android payment terminals can provide data in a way that offers easy visibility of key trends and which specific hours of the day produce the most sales, allowing businesses to investigate possible reasons and react accordingly.
Such knowledge can then be used for a variety of purposes including the ability to upsell to future customers with greater success and the tactical arrangement of items in store. Crucially now, it will also enable businesses to maintain a Covid-safe environment by planning ahead for in-store activity and capacity limits.
With hundreds of applications already available to download from the app store, it’s important that SMEs are able to use this scale of choice to their advantage rather than become overwhelmed or distracted by it. Indeed, by taking the time to explore the apps available, smaller businesses can find the tools which allow them to level the playing field by bringing their operational efficiencies in line with larger brands and by leveraging the solutions that allow them to compete on customer service.
Article | August 18, 2021
“Every consumer wants a different experience when shopping, and this ‘experience‘ has become the differentiating factor for many successful business models.” This statement is even more important for ecommerce businesses, which have no face-to-face interaction with clients. With increasing competition, product quality and price are no longer enough to differentiate your brand. To stand out, you need a well-planned customer engagement strategy so they keep coming back for more. Many studies have highlighted the relationship between sales and customer engagement. According to a PwC report, ecommerce businesses can gain measurable benefits, including greater spending, by changing their customer experience strategy to make them feel appreciated. Higher engagement or personalization also impacts impulse purchases.
Article | August 18, 2021
Reality as we know it has been interrupted. Our entire lives have been put on hold. And it’s not a great feeling. To fight the global coronavirus pandemic, we’re all stepping back from large gatherings even if it disrupts our business goals or denies us the ability to catch up with dear friends. Not only have we postponed Ecommerce Operations Summit 2020 but we are brainstorming other ways to do our part and contribute however we can. Our focus right now is on everyone whose lives have been turned upside down or even put at mortal risk by this invisible enemy. How has this impacted you? While you’re working from home, carve out a quick minute to answer this survey and share the effect COVID-19 has had on your business. Answers will be collected through this Thursday.