The document summarizes the key topics discussed at the Swiss Payment Forum 2019 including the challenges facing digital payments such as new fintech competitors, changing regulations, and shifting user behaviors. It also covers new developments in e-commerce payments including merchant tokenization and Secure Remote Commerce (SRC). The document discusses how solutions like tokenization, delegated authentication, push provisioning, and SRC can help drive adoption by improving the user experience and security of digital payments.

1. Swiss Payment Forum 2019
Kurt Schmid, MD Digital Payments
Which solutions and technologies will prevail?
Digital Payment in 2020

2. Agenda
Challenges: GAFAs, regulations, changing user behaviors….
New developments in eCom payments:
• Merchant Tokenization
• SRC
How to implement convenient payments?
Convergence between in-store & eCommerce payments
2

3. Challenges
3

4. Top Challenges
Bank /
Merchant
New
(digital)
challengers
Cost for
Regulation /
Legacy
Changed
User
Behavior
GAFAs
4

5. Poll
What are the biggest challenges for your bank / company / organisation?
• New challengers
• Costs for regulations & IT, changing business model
• Changed user / customer behavior
• GAFAs
• Internal resistance to change
• Other
5

6. New Challengers – The rise of NEO-Banks…
Source: MC Study – “UK state of Pay (Sept 2019)” 6
13%
of new accounts opened
from Jan – June 2019
were digital only banks
1 in 8 people
15%
of 25 to 34-year-olds
hold an account with a
neo bank
1 in 3
people in the greater London
area is considering to opening
a digital-only bank account
Bank /
Merchant
New
(digital)
challenge
rs
Cost for
Regulation
/ Legacy
Changed
User
Behavior
GAFAs

7. … and impact
7
In 2025, Fintechs cut banks by 14 percent of total revenues
In the future, banks will lose up to $280 billion of their revenue
from payment transactions according to a study conducted by
Accenture. As a consequence, Fintechs would have a share of 14
percent of industry turnover1.
“The digital boom will mean banks have to fundamentally
change the way they think about their revenue composition”
“Channels that once made the banks billions of dollars will cease
to exist”2
Source: t3n1 & Reuters2

8. Costs for regulation / Legacy
8
Costs for regulation are equally distributed to
all (in theory) …
BUT … PSD2 has less legal burdens to AISP
and PISP than banks
Costs for (legacy) IT are increasing
Bank /
Merchant
New
(digital)
challengers
Cost for
Regulation
/ Legacy
Changed
User
Behavior
GAFAs

9. Changed User Behavior
9
 Mobile First
 Always online
 Less loyal (traditional values decreasing)
 Instant results needed
 Demanding on modern UX
Bank /
Merchant
New
(digital)
challengers
Cost for
Regulation
/ Legacy
Changed
User
Behavior
GAFAs

10. GAFAs embrace payment & banking
10
Bank /
Merchant
New
(digital)
challengers
Cost for
Regulation
/ Legacy
Changed
User
Behavior
GAFAs

11. A Theoretic Threat?
11

12. E-Commerce Landscape
12

13. E-Commerce Checkouts
Even stronger growth for m-commerce and in-app payments
Source: Mastercard, Worldpay, BCG
Majority (61%) is Card based, thereof
29% is Cards-on-File (CoF)
19% Guest Checkout
13% Digital Wallets
“Global e-commerce payment market is expected to
grow from US$ 24.26 Bn in 2017 to US$ 64.69 Bn by
2025 at a CAGR of 13.1% between 2018 and 2025.”
Direct Transfer
By entering Account 22%
Others
Other 11%

14. Concerns and Challenges in E-Commerce Payments
Source of figures: Mastercard, Worldpay, BCG
Lost
transactional
revenues
through
abandonments
and declines
ISSUER
CONCERNS
Risk/fraud
through
different
attacks
Cost
of customer
care
PSP /
MERCHANT
CONCERNSLost revenues
through
abandonments
and declines Low
conversion rates
especially on
mobile
channelsRisk/fraud
through different
attacks
Higher
transactional
costs for CNP
versus CP
Abandonment & Decline
rate when 3DS (1.0) is used24%
Decline rate when
3DS is not used17%
Higher fraud rate of
CNP compared to CP4-10x

15. How to Solve This
15
Cards-on-file 29%
Replace PAN by token to reduce risk
Improve security to CP level
(where a cryptogram is used)
Cards in Guest Checkout 19%
Same as above plus
Improve usability for consumer
eCommerce Checkout Types
Secure
Remote
Commerce

16. Here Are The Four Main Use Cases Of eCom Tokenization
16
ENROLL:
Add card manually or tokenize from
card on file
DISPLAY CARDS
Card art coming from token service
(user sees his real card image
TRANSACT
Generate EMV cryptogram
(can be used for one or more transactions)
LIFECYCLE
Issuer account update

17. ToPay eCom Token Connector Architecture
17
Merchant
Website
Merchant
App
PSP
ToPay eCom
Token Connector
Acquirer
SDK
Scheme
Network
Token Service
Provider (TSP)
and Token Vault
AETS
MDES
VTS
Token Enrollment &
Transaction API
Token Notification
API
Merchant
Management API
TSI*
TSI*
TSI*
Issuer

18. Comparing Scheme Tokenization with PSP Tokenization
18
Better
approval rates
Higher
security and less
risk
Card data
cannot be
stolen
Possibility
to show cardart to
user
Life cycle
management,
E2E connection
merchant -
issuer
Complies to
PSD2 SCA, basis
for delegated
authentication
Users can push and
manage cards for
merchant (within
issuer app)
Less
Scheme Fees
or Interchange
(depending on
situation)
Will be
pushed also
by SRC
Expected to
be mandated
by schemes
Expected to
be mandated
by schemes
Advantage compared to PSP proprietary tokenization

19. Secure Remote Commerce
19

20. Key points of the EMV® Secure Remote Commerce Framework
“SRC”
20
 Defined by EMVCo (https://www.emvco.com/emv-technologies/src/)
 Scheme agnostic to help interoperability
 Pay securely via single SRC checkout button
 Will be scheme-neutral successor of MasterPass & Visa Checkout starting 2019 / 2020
 Will support card tokenization
 Demonstrator available from Netcetera, training courses coming as soon as specification out

21. What are the various roles in SRC?
21
Merchants’
Shopping
Pages/Apps
DPAs SRCI
(Payment Service Provider,
Merchant,
Acquirer or Gateway)
DCF
(Payment Network,
Browser or Merchant)
SRC System
Payment Network
SRC PI
Issuer

22. First-time enrollment during shopping
DPA SRCI DCF DSA

23. Card retrieval if customer is not recognized
DPA SRCI DCF DPA

24. Enrolled and returning user & device is recognized
DPA SRCI/DCF DPA

25. Pillars for Increased Conversion
25
Customer friendly UX
Tokenization
3DS Security /
Risk
Wallet with
OOB features
/ Push & Pull
Provisioning
Secure
Remote
Commerce
Delegated Authentication

26. White Label Issuer Wallet
26

27. Issuer Wallet / Card App
27
Account / Card / Transaction Management
Onboarding / Authentication / Biometric
support
Payments (NFC, P2P, PSD2 compliant 3DS Auth)
Card controls
VAS,…
+ Push Provisioning
Features

28. OEM Payment Activation
28
Offers OEM payment activation (super green path) with
fast time-to-market
• Push Provisioning
• In App Verification
• Card & Token Management
• Status & Lifecycle
Features

29. Push Provisioning (from Issuer App to Merchant Apps)
29

30. Delegated Authenticion
30

31. Checkout Today
31
Merchant App Issuer App (3DS) Merchant App

32. Checkout Tomorrow (Based on Delegated Authentication)
32
Merchant App

33. 33
Delegated Authentication and PSD2
 Two factors to be compliant to PSD2 SCA :
– Payment Card Token bound to a device
– Authentication in the merchant app, proven to the schemes by e.g. a FIDO Auth Token
 Initial binding with 3DS NPI transaction required
 Supported by Mastercard (Authentication Express) and VISA’s Cloud Token
Initiatives
– Technical and legal framework

34. Use Case Convergence
Purchase in a shop using an eCommerce Checkout (CNP Trx @POS)
Payment in a merchant app by a wallet using a registered payment instrument (Remote
Payment CP Trx)
34
Borders are dissolving

35. Resulting CNP to benefit from CP-like Mechanisms
35
Manual Communication
between Payment Instrument
and Point of Acceptance (PSP
Software)
Transaction not secured
(only based on knowledge)
Cardholder Validation with
3DS Step-Up
Digital Communication between
Payment Instrument and Point
of Acceptance (Terminal)
Transaction secured by
Cryptogram (Possession)
Cardholder Validation traditional
with PIN, on devices also by
biometry (CDCVM)
Card Not Present (CNP) Card Present (CP)
Tok.
Deleg. Auth
Prov. / SRC

36. Outlook Digital Payment in 2020
Banks can defend the customer interface by offering payment management and value
added services around the payment
eCommerce payments will become more convenient and secure
UX will improve:
• Instead of manual enrollment Push & Pull provisioning
• Instead of burdensome authentication easy OOB authentication respective already
delegated authentication in merchant app
36

37. Europaplatz4
4020Linz
Austria
kurt.schmid@netcetera.com
+43664 11211 00
Kurt Schmid
Managing Director Digital Payment
Kurt.Schmid@netcetera.com
https://www.linkedin.com/in/kuschmid/