“Torch it, Shane. Burn everything”: Snidely K. ‘Whip’ Whiplash. Ransomware and protecting your organization from the bad guys.

December 28, 2016

In 1986, evolutionary biologist Dr. Joseph Popp infected many people with AIDS, just not the way you might think. “AIDS Information Introductory Diskette” was the world’s first known ransomware attack and was introduced into systems through a floppy disk which Popp mailed to his victims. 30 years later, the bad guys are still relying on human error to bring forward a new generation of even more dangerous ransomware threats. If you’ve missed out on encryption ransomware, lock screen ransomware and master boot record (MBR) ransomware, consider yourself lucky! Dr. Popp defended his hostage taking by explaining that the money was going to the PC Cyborg Corporation for AIDS research. Today’s hostage takers are harder to find and more interested in stealing your money than in social causes. These days, if your network, or your mobile or desktop computer, falls victim to “ransomware”, your financial data and business records could be locked with strong encryption, along with a demand that you pay for a key to unlock the files. Are you familiar with Bitcoin and the dark internet?

The evolution of IP connected devices at retail has changed the nature of threat vectors. Today, retailers must be as concerned with their Non-Card Data environment as they are with protecting the card data environment. Ransomware is one of the clearest examples of the expanding data security threats. According to an analysis published by Trend Micro, the average ransom demanded was approximately $722. Hollywood Presbyterian Medical Center paid $17,000 and The University of Calgary paid $20,000. Trend Micro found the majority of organizations that are infected by ransomware end up paying the ransom. Three-quarters of companies which had not suffered a ransomware infection reported they would not pay up when presented with a data ransom demand. Clearly, people tend to see things differently when they’re the ones in the hot seat. Retailers have millions of dollars in sales at risk. Would you pay if your stores were offline?

How big of a problem is ransomware within the C-store space? During this year’s NACS conference at the “Technical Tools of Data Protection” session, Hugh Williams, CIO of Maverick said: “We focus so much on the CDE, but probably the biggest threat out there is ransomware. It’s looking for ingress right now. They are not so much interested in your card data, they want your other stuff”. When the room was asked who had been attacked by ransomware, nearly a dozen retailers raised their hand.

Protecting yourself from ransomware attacks, or how not to be the next ransomware victim, is a major challenge. The first step is to understand that this challenge is beyond the scope of PCI and your POS. Ransomware finds its way into your environment in a number of ways. Two common threat vectors are leveraging IoT devices and tricking people into inadvertently undermining the security of their device, like enabling a macro on a Windows document.

Stopping employees from opening the door to the bad guys takes “people and process”. Maintaining a secure network that closes the door to the bad guys requires good tools and proper scanning and patching. Management often doesn’t prioritize internet security until it’s too late. CIOs work to develop ROI analysis to drive budget for investment in network security. CEOs need to be educated on protecting the business from internet threats like ransomware, and on having a full disaster recovery scenario that is fully backed up and periodically tested. To harden defenses against ransomware attacks, retailers can adopt policy changes. IT departments can close the door by expanding the objectives of data security beyond PCI with an emphasis on scanning and patching outside of the card data environment. In the c-store business, IoT is only growing. Are your pumps IP enabled?

Untangling Internal Scanning: how zone routers impact PCI scanning requirements

December 20, 2016

Retailers who are evaluating how to maintain PCI compliance are likely to hear the word “scan” from third party compliance providers, or as a part of a letter from their acquiring bank. The evolution of the POS EPS and the move to POS IP connectivity for payment and loyalty have introduced new complexity to PCI scanning requirements. Retailers with newer POS now have an EPS as a part of their system. The EPS sits between the POS and the Front-End Processors and separates the card processing from the POS system, creating both the Card Data Environment and the Non-Card Data Environment. One result of this configuration is the need for a “Zone Router”. The Zone Router is typically installed behind the Store Router/Firewall/Gateway and Store LAN and in front of the POS/EPS. Retailers with Zone Routers need to consider how this technology impacts their responsibility for Internal Scanning.

PCI DSS v3.0 chapter 11.2 says that you must “Run internal and external network vulnerability scans at least quarterly and after any significant change in the network”. What “significant change” means is open to interpretation by the QSA, but it could mean new system component installations, changes in network topology, firewall rule modifications, product upgrades or almost anything touching the network.

For many Retailers, their expectation is that a single scan will satisfy PCI DSS requirements. For most merchants, however, the requirement is to conduct at least two separate scans: one from the inside (i.e., an “internal scan”) and one from the outside (i.e., an “external scan”). External vulnerability scans look for holes in the store perimeter firewall(s), where malicious outsiders can break in and attack the network. Internal vulnerability scans operate inside the store perimeter firewall to identify real and potential vulnerabilities inside the business network. Retailers with a Zone Router installed must perform three scans: an external scan, and internal scans within both the CDE and the Non-CDE.

Internal and External scans are critical components of maintaining PCI and protecting the network, and hence the business, from attack by data thieves. Like loss prevention, internal scanning is a hedge against disgruntled employees who have targeted systems from the inside, or malware, such as viruses or Trojans, that is downloaded onto a networked computer via the Internet or a USB stick. Once the malware is on the internal network, it sets out to identify other systems and services on the internal network, especially services it would not have been able to “see” from the Internet. Internal scans search the internal network for threats to assure the business’s valuable assets are properly secured.

The challenge of scanning within the CDE for POS systems with a Zone Router is new, and not all POS systems have defined how to manage this requirement. Retailers managing a new set of scans, particularly organizations managing centralized scanning engines, will find this requirement adds cost and time to compliance activities. When implementing a Zone Router, Retailers should consider how they will manage all three separate scanning requirements inside of a single actionable approach to their vulnerability scanning.
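One way to track the three scan scopes and the PCI DSS 11.2 timing rule described above in a single report. This is an added example, not code from the original post; the scope names, the 90-day reading of “at least quarterly”, and the sample scan and change records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Scan scopes for a store with a Zone Router: one external scan plus an
# internal scan on each side of the Zone Router (scope names are hypothetical).
SCOPES = ("external", "internal-cde", "internal-non-cde")

# Assumption: "at least quarterly" is enforced as a maximum 90-day gap.
MAX_GAP = timedelta(days=90)


@dataclass(frozen=True)
class Scan:
    scope: str   # one of SCOPES
    day: date    # date the scan completed


@dataclass(frozen=True)
class Change:
    day: date      # date the significant change was made
    scopes: tuple  # scopes touched by the change
    note: str      # e.g. "firewall rule modification"


def scope_gaps(scope, scans, changes, today):
    """Return the coverage gaps for one scope (an empty list means covered)."""
    days = sorted(s.day for s in scans if s.scope == scope)
    if not days:
        return ["no scan on record"]
    gaps = []
    # Historical cadence: consecutive scans must be no more than 90 days apart.
    for prev, cur in zip(days, days[1:]):
        if cur - prev > MAX_GAP:
            gaps.append(f"{(cur - prev).days}-day gap between {prev} and {cur}")
    # Current cadence: the most recent scan must still be inside the window.
    if today - days[-1] > MAX_GAP:
        gaps.append(f"last scan {days[-1]} is {(today - days[-1]).days} days old")
    # Significant change: a scan on or after the change date is required
    # (records carry dates only, so a same-day scan is accepted).
    for ch in changes:
        if scope in ch.scopes and not any(d >= ch.day for d in days):
            gaps.append(f"no scan since change on {ch.day} ({ch.note})")
    return gaps


def store_report(scans, changes, today):
    """Map each of the three scopes to its list of gaps."""
    known = set(SCOPES)
    for record in scans:
        if record.scope not in known:
            raise ValueError(f"unknown scan scope: {record.scope}")
    for ch in changes:
        for scope in ch.scopes:
            if scope not in known:
                raise ValueError(f"unknown change scope: {scope}")
    return {scope: scope_gaps(scope, scans, changes, today) for scope in SCOPES}


# Constructed sample records for one store (not real scan data).
SAMPLE_SCANS = [
    Scan("external", date(2016, 9, 15)),
    Scan("external", date(2016, 12, 1)),
    Scan("internal-cde", date(2016, 6, 1)),
    Scan("internal-cde", date(2016, 12, 5)),
    Scan("internal-non-cde", date(2016, 8, 1)),
]
SAMPLE_CHANGES = [
    Change(date(2016, 12, 10), ("external", "internal-cde"),
           "firewall rule modification"),
]


def demo_report():
    """Report for the sample store as of 20 December 2016."""
    return store_report(SAMPLE_SCANS, SAMPLE_CHANGES, date(2016, 12, 20))


if __name__ == "__main__":
    for scope, gaps in demo_report().items():
        print(scope, "OK" if not gaps else "GAPS:")
        for gap in gaps:
            print("   ", gap)
```
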

The EMV illusion: the connection between EMV and mobile payment.

December 2, 2016

Dai Vernon, “The Professor”, who died in 1992, was a Canadian magician and the greatest sleight of hand figure in the history of the art. He rarely performed, but he invented magic and had an enormous influence on the whole range of “sleight of hand”. And so often, the magic he was doing was to fool other magicians. Such is the case with yesterday’s announcement that the EMV AFD mandate, scheduled for 2017, is moved to 2020. The “sleight of hand”: create a crisis, propose a solution and, when the true motivation for the project evaporates, move the requirement far enough into the future that its purpose fades until the need is so obscured as to not be necessary. The Professor would be proud, but for the many retailers, hardware manufacturers and professionals betting on EMV at the pump, this is a cruel trick.

A few years back I wrote that EMV, while being presented as an antifraud tool, was really a disguised methodology to bring NFC to the pump. After all, if the goal was simply to eliminate counterfeit card use, swipe and PIN would have essentially eliminated that counterfeit card fraud.  So, why was EMV/NFC so important, if there were cheaper ways to reduce fraud? The answer lies in mobile payment.

During the last five years the world has witnessed the conversion to a mobile digital society. Initially the card associations sought to enable mobile through the use of NFC. This was critical because the Card Brands sought to protect their business model against disruptive models and bake bank issued cards into payment terminals and the AFD.  The ROI on mobile payment is elusive and so the EMV liability shift was created (the sleight of hand) to create the ROI needed to drive NFC to the pump. What went wrong?

Two major issues have pulled the curtain back from the EMV illusion: cost (how) and need (why). There is little to say about the cost of EMV, other than prohibitive. One MOC showed me an estimate where the cost was north of $100M, WOW!

The “why” is more complicated. Over the last two years, cloud based payment models that leverage the POS, rather than NFC at the payment terminal, have been proving themselves in the market. MasterCard and Visa’s agreement with PayPal, the release of standards and multiple pilots are an indicator of their belief that cloud based solutions will lead the way in mobile. Cloud based systems do not require communication between the payment terminal and the phone, and therefore many of the arguments about NFC are eliminated. Further, there are many use cases, like vehicle based payment or drive-throughs, where cloud based solutions are more effective than NFC. If cloud-based solutions become widespread, then NFC is no longer relevant. Further, if you believe, as many do, that millions of consumers will adopt mobile, and mobile payment will be cloud based, then as card based usage at the pump declines, the rationale for the investment in EMV evaporates.


“Contractual conflict”; Apple Pay and MCX, the new front in the mobile payments war.

November 3, 2014

A few years ago, while at one of the major POS annual user conferences, I had the opportunity to socialize with one of the initial members to MCX. At the time, I was with PayPal and mobile payments was more of an idea than a technology. MCX had just been announced and I was learning about the “hush hush, MCX Exclusivity” requirements. I was floored. How could that be good for either the merchant or the consumer? His answer; “They really did not care if MCX ever conducted a single transaction. If allowing Visa/MC into the mobile wallet forced lower overall fees (read cards as well) then MCX would have done its job”. When asked about how profitable CurrentC would be, Lee Scott, former CEO of Walmart said, “I don’t know that it will, and I don’t care. As long as Visa suffers”. It never seemed like much of a business plan to me.

It was all such a secret. I can’t count the number of times I heard; “The first rule of MCX is; you don’t talk about MCX”. Well, judging from the news, things appear not to have worked as planned. The veil was lifted on the MCX story when Rite Aid and CVS Health pushed aside Apple Pay and in doing so revealed a new wrinkle in the mobile payment war, contractual conflict. The notion that an exclusive MCX mobile payment solution might be a lever to force card acceptance fees down seems to have reached its apex. Are retailers willing to say no to Apple Pay? The consumer is caught in the middle.

One of the ingredients in the MCX secret sauce is the idea that retailers will adhere to an exclusive arrangement, thus locking out competing payments systems in the mobile channel. As Karen Webster speculates in her 10/27 blog, MCX is likely to have told both Rite Aid and CVS “You simply can’t do it. And, the fact of the matter is that you’ve been caught two-timing with Apple Pay, and that’s clearly a violation of your contract with us.” In doing so MCX is leveraging its big stick: not its economics, product features, or consumer demand, but the strength of its legal teams and the adverse contract its members have signed. “This act by CVS and Rite Aid heralds the advent of the imminent battle in the mobile payment system,” said Anindya Ghose, a marketing and information-technology professor at New York University. Now that lines have been drawn, we will learn if MCX can drive the cost of payment down, or if its own member retailers will instead choose to provide their consumers with choice. Call the lawyers.

“Right to the 3rd power”: Mobile Payment, the POS and ROI

July 8, 2014

The arc of loyalty/payment programming, particularly as it relates to mobile, is now mature enough for retailers to set long-term strategic goals. The high level strategy is about consumer engagement. The objective is to create a more intimate consumer shopping experience that is contextual in nature. The requirement being: “Right to the 3rd power”; the right offer, to the right person, at the right time. The tool set for loyalty, payment and the integration of omni-channel marketing in the mobile channel is the POS.

Mobile is the most important next generation service; in many ways it is here today. Consumer adoption of mobile services is exploding. The consumer is willing and ready, even waiting for the retailer to catch up. First to market retailers will be in the lead and have an advantage. Ignore mobile and you risk losing both the Millennials and the X-ers. Is there any doubt that the next group will only be more mobile? Cards, checks and cash will exist, and will require attention, but having a mobile strategy is the key to future success.

While EMV will drive NFC to the POS, consumer engagement will be driven by merchant rewards. The days when retailers give over control of their customers to banks and associations will end as mobile payment becomes the norm. In this war for the mobile consumer, the POS and cloud-based mobile payment is supreme. The transaction is changing from the legacy model of capture/authorize and settle to a robust IP based dialogue. This dialogue is between the consumer and the POS and is about the relationship between the retailer and the consumer. Unlike today where the transaction begins when the item, coupon or loyalty card is scanned, tomorrow’s consumer will begin the engagement long before they arrive at the location. Mobile app based solutions will leverage Geo Fencing, Wireless, and BLE to engage the consumers according to their preference. The IT environment required to deliver these services must be tightly coupled to the POS at the Transaction Services Layer (TSL). This important change in the transaction flow means that payment, rather than being outside of the TSL, is now a part of the TSL. This change means that the entire legacy payments network may be disintermediated from the mobile transaction. We see this with companies like National Payment Card Association and believe MCX shares this goal.

Retailers are understandably concerned about ROI. ROI is a result of more profitable shopping. ROI is more than a function of “frequency and shopping basket”; it is about shaping the consumer’s purchasing decisions. People are asking about ROI and Mobile and are reluctant to allow legacy payment fees into the branded app. To the extent that consumers react through the use of offers, coupons, push notifications, points, etc. in the mobile channel, payment is required to close the transaction within the same user experience. The notion that the mobile consumer will be interactive with the mobile experience and then be asked to use a card for payment does not make sense. Using a card in the mobile channel would destroy the user experience and make it impossible to measure conversion.

Certainly, there are many issues impacting retailers and the POS environment. The key question is: which IT solution makes the most sense and how does it set the retailer on the road towards a larger goal of implementing a successful consumer acquisition and retention program that is “Right to the 3rd Power”?

Lower fees get the headlines, but might not be the story. Why multiple unaffiliated networks is the real bombshell in Judge Leon’s decision.

August 13, 2013

Groucho Marx once said that “Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong remedies.” Judge Leon might have been better served had he considered the wisdom in Marx’s thought before his recent ruling throwing out the current Fed’s implementation of the Durbin Amendment.

When Judge Leon threw out Durbin saying “The Board has clearly disregarded Congress’s statutory intent by inappropriately inflating all debit card transaction fees by billions of dollars and failing to provide merchants with multiple unaffiliated networks for each debit card transaction”, he may have opened the legislation to a potential flaw that might just make implementation of Durbin impossible.

In an August 13 article published in American Banker called “Damage to Banks from Debit Card Ruling Goes Beyond Lower Fee Cap”, Kevin Wack writes “Perhaps just as significant, but less discussed, the judge also ruled that retailers must be given the choice of routing each signature debit transaction, as well as each PIN debit purchase, over at least two card networks.” Kevin is correct, fees impact the economics of the transaction, but like the high costs of implementing EMV, multi-homing has technical implementation costs far beyond the cost of the transaction. I covered this issue in this blog, January 2011, “Who gets to choose? Durbin’s provision on “multi-homing” and the prohibition on network routing exclusivity”. Here is the issue. I asked a well-known expert this question: what makes multiple unaffiliated networks a complex requirement? His answer: “most retailers’ payment systems route transactions based upon the Bank Identification Number or BIN. They do not have the ability to make different routing decisions if a PIN is present or not. Additionally, a lot of smaller merchants do not have direct connections to networks but instead route the majority of their traffic to a merchant acquirer who then will determine how the card needs to be authorized based upon processing agreements that retailer has in place. While the concept of allowing networks to compete for the same card traffic sounds attractive, from a practical matter it is far more complex. And as raised in the most current legal opinion, the ability to route between non-affiliated networks needs to be at the transaction level, not the card level.”

I wanted a bit more granularity and so another source tells me that “Although most retailers do not connect directly to debit networks, there is nothing other than cost that prevents them from doing so. As EMV comes into the US domestic market and each Debit Issuer is tagged with their own network EMV AID (application identifier on the Chip), we may see more large scale retailers choosing to connect directly with their network of choice. A lot of stuff is up in the air right now. The next 10 months will be very exciting in terms of the number of changes coming to the debit networks above and beyond Judge Leon’s judgment. I doubt if the Federal Reserve or Congress will be able to keep up with everything that is happening in this space in the interim.”

So, Judge Leon concluded that the Fed must allow retailers the choice of two unaffiliated networks for each individual purchase, whether the consumer elects to make a signature or PIN debit transaction, never mind the costs or complexity of making it so. I come away feeling like Judge Leon clearly does not understand how routing actually works, especially for small merchants. He seems to believe there is a “Payments Genie” and that rubbing the lamp makes payments happen. The intuition is easy, but the way this actually works as a technical matter I think is a mystery to people.

Dodd-Frank: thrown out again; is it a win?

August 2, 2013

As just about every pundit in the country is writing about, yesterday’s action by a Federal Judge gave the Fed another set-back by tossing out a second provision of the Dodd-Frank bill. Apparently the court is not as fond of the Fed’s actions as the agency would like. In case you missed it, the first ruling occurred last month as key provisions designed to limit speculation in the commodity market were also thrown out by the court. So while the retail focus is on the ruling as it applies to fees, perhaps a better question might be: can Dodd-Frank survive?

After yesterday’s news, my inbox started filling up. Since National Payment Card Association is the industry’s leading provider of alternative payments and many see our low cost ACH transaction as the answer to high cost bank card fees, our customers, contacts and prospects are wondering what this means to their plans. The question is, will lower cost bank card fees mean the end of merchant issued debit? Before offering my take on the ruling, let me answer the question. Even if we see lower rates on bank issued debit cards, the merchant issued program remains the most cost effective and successful use of capital to drive additional sales and profit. Let me explain.

NPCA customers typically capture between 20% and 40% of their total transaction volume with our program. Consumers who enroll in the program do so for the reward, not because the card has a lower fee. The result is that our customers experience increases of up to 40% in sales volume from the enrolled consumer base. It is the profit generated by these sales, rather than the saving on the transactions, that drives ROI. In many ways, I think there is a good chance that yesterday’s ruling may actually help, rather than hinder, the business opportunity for retailers with NPCA.

So here’s my take on the judge’s ruling; let me preface this by saying, we’ll need to see, there is no crystal ball on this one.

1. First, I wish I were a lawyer retained on this issue; this means years of work. The next date is August 14th and you can be sure all of the parties will come “armed for bear”. There will be multiple lawsuits, appeals, legislative hearings and more. Let’s not forget, a big part of the rationale for Durbin was that Retailers would give the saving back to consumers. Has that happened? 2014 will be an election year; one result may be that Durbin is dropped altogether. You can expect the Banks to make this case. If we see a Republican senate in 2014 I’d say the good money is on overturning Dodd-Frank altogether, with a veto from the President. Durbin will be lost in this mess.

2. If the Fed capitulates and takes action to force a 12 cent fee on banks, the market impact is likely to be huge. Debit Cards as we know them may/will go away. Banks cannot or will not operate the debit card network on 12 cents. It’s the reason why only regulated banks were covered in the original rule. One possible result: a consumer charge for carrying a debit card, perhaps a bank fee; once again, who knows. Regardless of the actual result, Debit Rewards will be nonexistent, only increasing the power of a merchant issued card.

3. Not all consumers are paying with debit, and those who do lost debit rewards long ago. Lowering the fee only lessens the economics for banks to compete with the NPCA or merchant issued program.

4. More uncertainty. The ongoing struggle between the Fed, Congress, the Executive, and the Judiciary will contribute to the uncertainty in the banking market. Retailers can capitalize on this period by introducing their own method of payment. NPCA offers the retailer a stable program designed to increase sales through frequency and basket size. While the industry fights, our retailers will grow and profit.

From an NPCA perspective, what we’ve seen is our customers are focused on leveraging the loyalty aspect of the NPCA program. The real value in our program is the ability of the retailer to reward their consumer for the use of the merchant card. This feature and the underlying economics remain unchanged, regardless of what happens in Washington.

Three emerging trends in payment

April 8, 2013

Consumer payments will experience accelerated change in 2013. Multiple disruptive and innovative companies, particularly 3rd party app developers and retailer branded mobile solutions, will enter the market to challenge the incumbents. Traditional payment processing networks and financial institutions will struggle to keep pace with nimble, tech savvy competitors. “Payments incumbents will leverage their market power to battle disruptors. MasterCard’s new fee structure for “staged” digital wallet providers such as Google Wallet, PayPal and Square” are an early shot-across-the-bow in a fight that will set the stage for payments over the next decade. The legacy technology managing the current payment processing network will be unable to keep pace as new POS and cloud based programs enable merchants and consumers to pick winners and losers. Mobile solutions, coupled with low cost alternative payment and retailer funded rewards, will become more abundant, more accessible, and deliver greater value.

The eco-system is changing. A new “Retailer-Consumer-centric” payments paradigm is emerging. The future of the new paradigm will be shaped by three disruptive digital (POS based combined with IP communication) trends:

◾The POS Payments Cloud: The last 10 years have brought major change to the POS and communications. Less than 10 years ago the POS was a relatively limited device and communications were slow and arcane, at least by today’s standards. The traditional legacy payments processing network relies on processors, associations and financial institutions in conjunction with POS vendors and “heavy” communications systems like the Hughes satellite network to enable electronic payment. Unlike the consumer and their expectations, change within this eco-system is difficult, time consuming and expensive. POS vendors are setting the slate to disintermediate the traditional network through the introduction of the “payment cloud”. Today’s POS is a powerful device built with open standards capable of supporting a wide range of payment and loyalty solutions. The internet changed the nature of communication, allowing low cost, reliable, fast, and secure connectivity. Emerging payment models leverage the combination of POS capability and the internet to disrupt traditional payment economics. “Merchants have a growing set of payment options that do not adhere to the traditional interchange or processing fee model. Some of these options even deliver additional value above and beyond payment processing. As merchants adopt these new payment methods, their expectations will reset and they will expect lower costs and greater value from incumbent payment service providers. Traditional economic models will not disappear overnight, but it would be a mistake for payment incumbents to dismiss the growing number of unique pricing schemes and the disruptors who are moving aggressively to gain scale”. Watch for the emergence of these POS payment platforms in 2013.

◾Mobile Payment: Mobile payment and digital wallets will change the nature of the relationship between the consumer and the retailer. New technology will enable a robust “dialogue” between the consumer and the retailer during the “purchase cycle” allowing the retailer to engage the consumer before, during and after the transaction.  Technology “will drive adoption by integrating capabilities that remove friction and transform the payments and commerce experience in contextually relevant ways. These wallets will embed capabilities that can create a more convenient commerce experience for consumers and give merchants a growing set of potential benefits — that may provide a distinct competitive advantage — to evaluate and weigh against the additional costs of wallet acceptance.”

◾ACH & Merchant Issued Rewards: The advantage merchants have in mobile payment is two-fold. First, merchants control access to their mobile payment environment; they will decide what forms of payment are available to the consumer. Secondly, rewards are the key driver for consumers as they choose their method of payment, and rewards are controlled by the merchant.


Low cost alternative payments in conjunction with merchant issued rewards will appeal to a broad base of retailers and consumers. The loyalty industry in the US is significantly more than $10 Billion dollars and growing. Current card acceptance fees are in the two percent range adding up to billions of dollars. Merchants who leverage the combination of these two line items will offer consumers powerful incentives. Clearly, Merchants can have a lot of influence regarding payment choice with this type of spending. “Disruptors are creating better, lower-cost alternative products and services that deliver more value and meet broad-based payment needs.” Retailer services will provide consumers with personal, relevant offers designed to drive a more profitable purchasing experience.  ACH payment will lead the way towards low card acceptance fees. Retailers who recapitalize these fees as consumer rewards will see increased sales and profits.


It will take a few years before we see the full force of this disruption. Retailers will be hesitant to make the technology changes necessary to support the new payments paradigm. Some will wait as end-of-life requirements make change inevitable, others will jump in early and gain leverage in their market.

2013 will be an interesting year for the payments market. What changes do you see in your organization?

How big is Big? The Uber Cloud

March 31, 2013

In my last blog I discussed the three high level priorities of Big Data and its role with mobile payment.  In this blog I take a closer look at how big is BIG DATA. Today, retailers have access to the transactional data that they collect at the POS, or is provided to them by 3rd parties. Big Data is the “other data” from the “Uber Cloud”. The Uber Cloud includes all data sources like web server logs and internet clickstream data, social media activity reports, mobile-phone call and text detail records and information captured by sensors.

How big is big? YouTube, Facebook and Google are estimated to store 1400 petabytes of data including more than 35% of the world’s photographs. Between them, they share approximately 11.2 billion page views per day. People “Tweet” about 128 billion times per year at a rate of 4500 tweets per second. Annually, people spend over 2.2 trillion minutes either talking on the phone or sending 6.1 trillion texts. On any given day people are texting 193,000 messages per second or spending 2.2 trillion minutes talking on the phone. There are only 7 billion people. We can agree, this is BIG!

That’s a lot of millions, billions and trillions: but what is a Petabyte? When I tried to think about how to explain a Petabyte I found myself thinking of Doctor Evil demanding; “one million dollars” not aware of how little a million dollars had become. It is true, a million dollars is not what it used to be, but the same is even truer when considering data.

A Petabyte is big. Mathematically, “a unit of information equal to one quadrillion (short scale) bytes, or 1 billiard (long scale) bytes”.  It’s hard to visualize what a Petabyte could hold. “1 Petabyte could hold approximately 20 million 4-drawer filing cabinets full of text. It could hold 500 billion pages of standard printed text. It would take about 500 million floppy discs to store the same amount of data”. The promise of mobile payments is that retailers will be able to access and use these data sources to build a more profitable, relevant relationship with their customers.

Big Data means Big Data Analytics. Big data analytics is the process of examining large amounts of data from a variety of sources to uncover hidden patterns, unknown correlations and other useful information to engage the consumer during the purchase cycle. Access to Big Data within the mobile wallet will drive radical efficiencies, enhancing social engagement and improving information sharing between the consumer and the retailer.

Big Data and Mobile Payments: Three priorities.

March 28, 2013

The three high-level goals of a Big Data program are:

  1. Collect information: The objective is to collect information that deepens the understanding of customers’ plans, intentions and behavior so the organization has a basis for decision and action. The first step is to collect and save all of the digital breadcrumbs. The challenge is, since we can’t understand consumer behavior from data that we don’t have, we need to collect everything. Since it’s impossible to know the future value of data, we must hang on to it for a very long time.
  2. Conduct Analysis: Big Data really means Big Data Analytics. The challenge is to find relevance in an ocean of information. There are multiple trends occurring within the consumer base, some evolve quickly, some play out more slowly. The goal of analysis is to provide insight and opportunity to the decision makers managing the business.
  3. Take action: More tactically, it is what you do with the information that counts. The key to Big Data and mobile payments is the dialogue that occurs between the consumer’s mobile application and the POS during the purchase cycle. The objective of action is to promote more profitable consumer purchasing behavior.

The success of mobile payments begins with transactions. Transactions are a result of consumer enrollment and adoption. Enrollment and adoption require constant visibility and consumer incentives, in ways similar to advertising typical of the current payments paradigm. The difference is that Retailers rather than Financial Institutions are promoting the method of payment. The key to ROI is engaging consumers and creating demand using Big Data solutions during the purchase cycle. This is the connection between BIG Data, mobile payments and the POS.  Access to Big Data during the purchase cycle requires an integration that is tightly coupled to the POS at the transaction services layer.

The retailer controls payments in the mobile environment. Retailers are being very careful about who they allow into the wallet…MCX is an outgrowth of this concern. Retailers are concerned that the current card fee structure will become the standard in mobile payments. Retailers are asking, “How do mobile payments make me money or even justify the infrastructure investment?” While the current focus on mobile payments is POS enablement and transaction fees, tomorrow the focus will be driving new business through consumer engagement. Big Data is the backbone of demand generation and the POS controls how Big Data solutions are enabled.

Smart phone technology changed the expectations of consumers, merchants and eco-system partners. The smart phone has also changed the way consumers do business; integrated mobile payments at the POS is the last frontier.