MAG Insights

As consumers continue to leverage digital channels more often for transacting, there has been a sense of optimism that the paradigm in payments could shift to one that fosters increased competition and innovation coming from new technology players offering creative consumer experiences that enhance overall retail commerce.  In recent weeks, it has become unclear if that paradigm shift will be challenged in light of a new remote commerce framework being introduced by the global payment networks.  

Late last year, EMVCo announced a new Secure Remote Commerce Framework which promises to facilitate interoperable and secure payments in remote commerce channels specific to network branded payment cards.  It also promises to deliver security, standardization, simplification, fraud reduction, and increased conversion for digital commerce.  All of which are shared goals among the merchant community.  Global networks recently announced support for this framework.  Although these are shared goals, merchants have reservations due to the limited details on implementation plans and impact to the customer experience. Moreover, MAG has concerns around other implications this framework may introduce regardless of intent. 

Visa’s CEO, Al Kelly, has said the move to SRC and a single buy button (which other networks seem to support) will be analogous to the situation you see in the physical world of a single terminal which all network payment products run through.  He describes the current e-commerce world being equivalent to multiple terminals which he describes as a terrible experience.  I would agree wholeheartedly that the incredibly confusing and cumbersome list of payment brands a consumer must consider as required by network brand guidelines for merchants to follow is quite disappointing.  Layered on top of that were the introductions by each network of their own proprietary “buy button” solutions including Visa Checkout, Mastercard MasterPass, and American Express Checkout.  The networks have historically helped to foster the digital environment in which friction proliferates.  

Although improvements that would provide a more simple and easy digital checkout experience is definitely warranted, creating a digital experience that replicates the physical experience is not a direction that appears forward-thinking.  This SRC framework or single “buy button” concept that intends to support this approach appears to simply port over a network-centric model into the world of digital payments.  

The framework and related draft technical specification for SRC is being designed under the leadership and market influence of the major global payment networks, the co-owners of EMVCo.  In light of insignificant uptake for their own digital wallets, these global networks appear to be looking to migrate those products into this new SRC system enabling the single “buy button” experience.  The implementation of this specification will be encompassed in an implementation model with costs, rules, and requirements that are defined by the networks themselves.  The concern is this approach may promulgate some of the issues that exist in the brick and mortar world into the digital world.

For example, currently any merchant that accepts the EMV contactless specification (also published by EMVCo) must accept all wallets which is a silent extension of the “honor all cards” network rule. In addition, there is no transparency provided to the merchant into the identity of which third party wallet is being presented at the physical payment terminal since the wallet identifier field is an optional but unused field in the technical specification as a result of individual network implementations.  I suspect this same limitation would be implemented in this new SRC “buy button” model.
  
Another example is the current limitations that payment tokenization as designed by EMVCo and implemented by the global networks place on debit routing capabilities.  To date, some networks have made it very clear that merchants must choose between security (in the form of network payment tokenization) and debit routing rights should they choose to implement MasterCard Digital Enablement Services (MDES) or Visa Token Service (VTS) for in-app or ecommerce payment transactions.  This inhibition on merchant debit routing is not due to any technology limitation but rather business practices, commercial arrangements, and in-action to enable this capability that are solvable should those global networks choose to do so.  Recently, one network offered a cautiously optimistic move with respect to addressing limitations on merchant debit routing for tokenized transactions.  However, until there is clarity on how this functionality would port across all networks and into SRC, respectful concern remains as the current perspective among the merchant community regarding this new SRC “buy button” model.

The network-centric model incorporates operating rules which haven’t progressed as fast as the modern-day payment experiences have.  Consumers like to shop and transact across various channels, yet the rules merchants must follow to avoid compliance violations do not seamlessly support these cross-channel experiences.  In addition, the network-defined liability and cost models haven’t progressed sufficiently in this omni-channel world to support the blurred lines between physical and digital shopping and transacting.  Until the operating rules are modernized and the liability rules become more balanced, I suspect these challenges will remain regardless of how the SRC technical framework and technical specification are implemented.

In this network-centric model of a single network “buy button,” what other implications might there be?  Will merchants still be able to prompt a consumer on their own ecommerce website with a seamless proprietary payment option such as the Target Red Card, the Kohl’s private-label card, or the Amazon Pay alternative that offers customers a value exchange or will that flexibility be sacrificed?   How do merchants possibly integrate into a single network “buy button” the capability of discounting or surcharging (where acceptable), or more broadly prompting for payment alternatives with incentives that benefit both the consumer and the merchant?  These current alternative options foster competition, and it is difficult to ascertain what the implications will be in a single network “buy button” scenario.

The questions of who will fulfill the roles and responsibilities outlined in this framework are still unclear.  Who will have the technical capabilities to fill these roles?  How do providers understand what is required to participate in any of these roles?  How do interested and capable parties onboard?  What are the compliance requirements?  Who will enforce compliance?  Unfortunately, those parties not at the EMVCo table will continue to have more questions than answers while those sitting at the EMVCo table are further ahead in their evaluation, consideration, and influence over the design and ultimately their own development and implementation plans for SRC.  Visa has already announced plans to transition Visa Checkout accounts and those parties that support VCO over to SRC starting this fall.  The technical specification hasn’t even been published publicly, yet Visa is able to announce a deployment leveraging the unpublished specification.  By design, go-to-market is much timelier for those parties that co-develop and obtain advanced access to technical specifications leaving those that do neither to just wait and see putting competition at an unfortunate disadvantage.

Finally, the lack of cross-stakeholder engagement early in the design will risk a payment product being introduced once again that will not be deployed by the industry because either the product doesn’t sufficiently meet the needs of all stakeholders, the development and deployment cycle is too difficult and disruptive to retail businesses, or the return on investment is not positive or even neutral.  

I encourage the global networks to engage all stakeholders now in the design of this solution without a “pay to play” model so we can get the digital commerce experience right in a safe and secure manner.  In the words of the EPC, “A far better approach is to encourage retailers, issuers, and networks to collaborate on developing and implementing a holistic, dynamic security strategy that provides real protection for consumers.”  

MAG couldn’t agree more.  We have been advocating for this approach for a decade.  Let’s create that open forum to collaborate among all stakeholders versus leveraging a standards body for which decisions are owned by one stakeholder group that fosters a “pay to be informed” membership model with stringent confidentiality requirements limiting even a paying member’s ability to participate effectively.

Our mutual customers deserve a much more collaborative approach.