The Glenbrook partners reflect on key trends and challenges in the payments industry that shaped 2024 – from generative AI, open banking, the evolving regulatory landscape, and the rise of fast payment systems worldwide. And you can’t get the Glenbrook team in a “room” without discussing ongoing fraud implications, orchestration in merchant payments, and the progress of tokenization. Tune in to hear insights from our industry experts on these themes and more as we wrap up the year and look towards 2025.
Bryan Derman: Hi, everyone. I’m Bryan Derman, a partner at Glenbrook and your host for this edition of Payments on Fire. In this episode, we’re sitting down with some of my partners to reflect on what we’ve been watching in 2024, see how some of the themes we laid out have played out, and take a look forward toward 2025 to see what we’ll be watching, how things might change, and what new topics are likely to spring up. Joining me for this episode are Chris Uriarte, Drew Edmond, Elizabeth McQuerry, and Russ Jones. Welcome team.
Russ Jones: Hey, Bryan.
Chris Uriarte: Hey, Bryan.
Elizabeth McQuerry: Hi.
Bryan Derman: Good to see you all. It’s so rare for us all to be in the same virtual room at the same time, so nice to be with you. Chris, I’m going to throw it to you for our first topic because apparently generative AI was a big deal this year. Give us your take on where it went in the payment space and where it’s likely to go next.
Chris Uriarte: Yeah, you know the topic’s hit mainstream when your grandparents are watching segments on 60 minutes about it, right? So it’s been definitely no slow down in the activity with AI this year, and the spotlight has most certainly been on this newer generation of AI, which we call generative AI. And we are seeing a lot of really interesting use cases for generative AI in the payments industry, in the banking industry. But I think the thing to highlight that we’ve seen as we continue to track the growth of the use of this technology is that it is really a double-edged sword, where it’s this great tool that has potential great effectiveness for a lot of use cases in the payments world, things like fraud detection, payments optimization, customer service tools, etc. But we also know at the same time that it’s heavily being used by fraudsters and criminal organizations.
So when we look at our fraud statistics over the course of the last year, growth in fraud in 2023 and what the indicators look like for 2024, fraud has essentially increased across really all payment types across the globe and certainly continues to increase globally when we look at cards. A lot of this is based on the growth of the utilization of novel AI technologies and the difference in what we’re seeing today in fraud attacks is really at a scale and a level of effectiveness that we have never seen before.
And there’s a lot of proof that AI is driving this. There’s a lot of proof that things like fraud as a service, online dark web fraud marketplaces selling AI tools, are contributing to this. So it is absolutely something that we’re keeping an eye on both from the good side and the bad side of the house as well.
So I suspect we’re just going to see continued growth in this area.
Elizabeth McQuerry: Chris, I just want to put in a plug for your friends and family members of all ages, about 60 Minute segments. Good for all of us.
Chris Uriarte: I do like a good 60 Minutes segment, Elizabeth.
Bryan Derman: It’s crazy the stuff that it forces you to think about. A friend of mine reached out to me the other day and said, I can’t believe you still have your own voice on your voicemail. Aren’t you worried about having your voice print compromised off your outgoing voicemail message and used in a malicious AI attack. That’s probably the least of it for somebody who’s on a podcast a couple of times a week. It’s amazing how you see people saying, oh, put a voice print on file with the bank or with your brokerage firms so that we can make sure it’s really you when you call. No, it’s really my voice, but it may not really be me.
Chris Uriarte: Yes. As paranoid as I might be, maybe I’ve just been working in the fraud and risk space for too long, somebody gave me that advice about six or seven months ago and I actually removed my voice from my voicemail as well. So I’m part of that paranoid camp on top of it. But you are right, it does make you think about some different things these days for sure.
Drew Edmond: I think it is telling that when we talk about generative AI right now, the main topic that we talk about is fraudsters using it. It’s like the use case for gen AI first went to the fraudsters and now we’re trying to catch up and use gen AI to combat what they’re able to do with it today.
And that’s kind of a lot of what we think about within the payments ecosystem with the use of generative AI and still searching for the positive use cases for players across the ecosystem to implement it. I think we hear a lot about the common things, maybe it’s on the customer support side and some elements where it’s incorporated into certain models, maybe a little bit more expansive beyond what machine learning is already doing today, but ultimately it feels like right now it’s a defense mechanism against what the fraudsters are already using predominantly.
Chris Uriarte: Yeah. That’s a really good point, Drew. And I’ll just note that we did release a joint white paper this past year on generative AI with Mastercard. We’ve pulled some research together that has shown that the fraudsters tend to be anywhere from one and a half to three years ahead of private industry and the use of generative AI technology.
So there’s definitely a spectrum of maturity in the private world that goes from organizations who really haven’t started thinking about their generative AI strategy to those who are a little bit more advanced, like the hardcore tech companies in Silicon Valley. But even when you are comparing the use of generative AI against the Googles and the Metas and companies like that, the fraudsters seem to be the real innovators in this space.
Bryan Derman: Yeah. Very good. Can we scare anybody with some other trends?
Russ Jones: Bryan, it’s easy to be scared by this stuff, right? We constantly watch how things evolve in the marketplace and fraud, if you only follow it by the news headlines, it’s almost the size of the US economy, right? It just grows hour by hour by hour. So there is a little bit of, end of the world type of scenarios to it.
Bryan Derman: Just sort of anecdotal, but I feel like I heard more about friendly fraud or first party fraud this year than I heard in the previous five.
Chris Uriarte: Yeah.
Russ Jones: I think that’s right. And it’s so hard to measure, right? To some extent, true fraud, third party fraud, if you will, is easier to measure, even though it’s not uniformly measured in the US, it is in other countries. But it’s like a tar pit when you go into the world of friendly fraud. Who knows how big it really is. All there is to go on is survey data, surveys largely from merchants, so what they think is friendly fraud, what they suspect.
Chris Uriarte: We should note that MRC, Merchant Risk Council, does a global payments and fraud report every year where they rely on pretty significant survey data coming from a wide variety of merchants. And this was the first year that of all fraud types, first party fraud and friendly fraud type risks were number one, number one concern in the mind of merchants this year. It is really impacting merchant’s bottom line. And it’s a whole umbrella of first party fraud tactics, ranging from typical chargeback did not receive fraud to lots of very sophisticated return frauds that fall into that category and it’s really having an impact on merchants.
Bryan Derman: Yeah, there’s been a lot of publicity of some of the physical shoplifting risks that have gone up in the economy, rings hitting stores and everything being locked up at the drugstore and all of that. This friendly fraud to me is digital shoplifting, right, is kind of what’s going on here and sort of depressing to see a little bit of decay in society, I think.
Elizabeth McQuerry: Yeah. And I think much of the fraud that we’ve just been discussing has really been in more traditional payment methods, right? Fraud is a concern in all payment systems and it hasn’t gone away in any of them, right? So it’s a, if you will, a constant state of vigilance and of course there is concern about new payment methods, but it’s a persistent issue in traditional incumbent ones as well.
Bryan Derman: I know we’ll come back to that. I’ll just jump in and say a quick word about open banking and open finance. It was kind of an interesting year in the open banking world as we had one particularly big blow up ongoing between a fintech called Synapse and Evolve Bank and a lot of finger pointing about missing funds and all of that and clearly pointing to a need to tighten up the interaction between non-bank fintechs and their bank sponsors and the whole bank sponsorship universe got rocked a little bit by that. And perhaps it was time for a tightening up of that and to me, in a way, a codification of what were already some best practices in terms of fintechs and banks sharing their record keeping in a way that could keep them in sync between a pooled account and a set of sub accounts that, in the first instance, are the responsibility of a fintech to track.
But staying in sync on a daily or more frequent basis with the bank was always a good idea and now it’s going to be a regulation it seems, but probably move in the right direction. It’s going to cost us a lot of money as usual to learn that lesson but it’s coming on.
Maybe more interesting and doing a slow boil in the background is open finance and kind of a B2B phenomenon where we see lending being pulled closer and closer into the transactional flow. And at one level, that’s nothing new. Concepts like merchant cash advances have been around for a long time. Financing merchants against future purchases is a big part of what Square does, a big part of what PayPal does, important revenue source to a variety of merchant services providers.
But I think we’ve done some projects this year that say the time is coming for that to come into the B2B space as well, where a software company that is intermediating the flow of documents from RFPs to purchase orders, to invoices, to remittance advices is sort of in the way of a bunch of very interesting information for making loans against, whether it’s a buyer with a PO who needs to buy inventory or somebody with an approved invoice who’s waiting for a payment for a reputable buyer and getting an acceleration of payments, the embedding of finance into those commercial flows seems like something that’s been coming for a while and is just going to keep going. Seems like such an intuitive and obvious advance on, frankly, the way bank loans used to and sometimes still are made, right? Saying let me look at three years of audited financial statements, a deep look into the rear view mirror of how a company was performing. When in most cases, the security of a loan comes from future cash flows rather than what may have been on your balance sheet two years ago.
So I think that’s just an ongoing trend that we’ll be talking about five and ten years from now.
Russ Jones: Well, we had talked, Bryan, at the start of the year, we were watching, in the US market, we were watching the CFPB and what was then their proposed open banking framework, and that, of course, has been finalized this year. The US market now has formal rules around open banking and data ownership and metadata about accounts.
The thing I think that was surprising about the final rule was that it wouldn’t be on banks, which is probably a good thing here. And it talked about digital wallet providers and anyone who’s managing accounts and money outside of the banking system also being a subject to these rules.
So that was a little bit of a, I think a concession to the banking industry that had been pretty uniformly against those rules in the US market to see them applied more broadly across the whole economy. And it’s still to be seen how big of a impact that’s going to have in the marketplace. But I think it’s a pretty good bet that it’s going to have an impact.
Bryan Derman: I did like the amount of consumer control that was built into the rules, right? It further clarifies that the consumer owns their own data, can give permission to use it, can revoke permission as well.
Russ Jones: Yeah. That’s a sort of a meta theme about control shifting over to consumers.
Chris Uriarte: Yeah, for sure.
Russ Jones: Much to the chagrin of businesses that have that control today.
Bryan Derman: Indeed. You took us into the realm of regulation there, Russ, and that was certainly a big theme this year. We could spend a whole hour and more on how regulation evolved and where it may go in the future. But Chris, do you want to try to give us a thumbnail on the regulatory environment?
Chris Uriarte: Thumbnail is really a challenge in this area. It’s more of the whole hand or two, I would say, because we have seen just so many different either proposals or changes from a regulatory aspect in the past year. I think I’ll use regulatory in the broadest sense, talking about specific rules and laws that are being implemented by regulators, but also changes in rules and policies by card networks by payment networks as well.
We’re just seeing lots and lots of small changes all the way up to major changes for frameworks like PSD3 and PSR in the EU. Just as a snapshot in the US, there’s a number of things that we’ve been tracking such as interchange regulation in Illinois around restricting interchange on taxes and tips and things along those lines.
We had a settlement that was announced between merchants and Visa and Mastercard earlier this year in 2024, which was then overturned by the court, so that is in limbo now trying to figure out what’s going to happen there. We’ve had the ever pending CCCA, the Credit Card Competition Act, hanging over our heads for a while.
And then we’ve seen the regulators say that they are going to start regulating the digital wallets that are in place by the large tech companies, going to start regulating BNPL. We’ve heard Visa now rework their fraud monitoring program, the way that they’re going to be looking at merchant’s fraud activities. So, lots of things happening across the board.
In Europe, obviously, no slowdown in regulation there. The EU and the UK regulators are really aggressive and continuing to evolve the payments regulatory landscape. As I mentioned, PSD3 and PSR, the Payment System Regulation, are moving along. Probably we’ll see approval and adoption of that sometime in 2025 for implementation to follow there. We’ve seen some major impacts around how payments are implemented in marketplaces and app stores through the Digital Marketplace Act. For example, we’re seeing regulation in the EU and the UK around BNPL and we’re seeing both the EU and the UK also inquire into digital wallets that are being run by big tech companies.
And, lastly, if we look to Asia, a lot of things happening there as well. Most notably, we’re seeing some sweeping regulation around authentication and 3D Secure in Japan. And also the Australian regulators have hit hard with some pretty onerous regulations on the BNPL providers in that area. So it is a challenge for really everybody in the ecosystem to keep up with what’s going on there.
And some of this is just looking at things from a macro perspective, like the EU, just ensuring that consumers are being protected and taken care of, as is the case with the CFPB. Some of it is direct response to some major issues that we’re having. So, for example, we have the implementation of the UK authorized push payment reimbursement scheme that went into effect last month, which essentially says that now both the sending and the recieving institutions are equally responsible for reimbursement of authorized push payment fraud.
So 50/50 split there, something that we have not seen in any sort of regulation in the past of this level. And it really now is forcing all the players in that value chain to have some skin in the game when it comes to fraud detection and making choices about whether they should let payments go through.
So some of these are fairly significant and we’re not going to see a slowdown anytime soon.
Bryan Derman: That APP thing in the UK is really interesting to me. What’s going to happen there? Will we get more fraud initially now that consumers know they’re protected?
Chris Uriarte: Well, it’s an interesting point, Bryan. Drew and I were in London just the week before last and we went to an event where we’re focusing just on this topic here. Some of the folks that were researching some of the schemes that these fraudsters are perpetrating actually had shared some of the interviews that they had with criminals and criminals have a playbook for this.
They absolutely are coming up with ways to exploit this new regulation where they’re using people as mules, for example, to say, Hey, listen, just transfer me 10,000 pounds, then call your bank and tell them you were tricked into doing it and you’ll get reimbursed and maybe we’ll pay you 1000 pounds for doing that.
That’s just one example. We’ve heard this described as sort of being a playbook for fraudsters, the way that the regulations have been written. And so it’ll be very interesting to see how this impacts the overall landscape here of APP fraud in the UK.
Russ Jones: It’s nice to hear you refer to fraudsters as criminals.
Elizabeth McQuerry: Call them what they are, right? And it’ll be interesting to see how other jurisdictions and regulators look to this. What are going to be the results in six months, in twelve months? And of course, we’re just into this, just starting the new environment in the UK right now. But it’s a hot topic. Certainly.
Bryan Derman: So Russ, a lot of people will say to you the key to controlling fraud ultimately is the ability to authenticate the account owner. There’s work going on in that regard all around the world that maybe you could try to profile for us.
Russ Jones: You’re right, Bryan, and that’s a multifaceted topic. There’s sort of a trend around the world towards what’s referred to as strong customer authentication particularly for banks to authenticate it’s really their customer who’s initiating the payment out of their account.
Always done with multi factor authentication. And it’s a regulation in Europe, it’s starting to pick up in other countries. There’s pending strong customer authentication rules in Japan coming into effect. We’ve seen rules put into effect in India. And one of the arguments is that those that offer accounts should be able to do a better job authenticating their customers and others.
One of the underlying technologies there that people have placed some hope on is a technology called passkeys, that uses public private cryptography and it kind of eliminates passwords. It’s one of the biggest banes in our modern world is this out of control password mess. There’s hope that the passkeys can be a step in the right direction to tightly authenticate account holders to those that offer the accounts and do it without risk of password compromise. So we talked about this a little bit earlier in the year, and it’s a little bit of a chicken and egg thing, which is so typical in payments, where if you want to use it, you have to find a provider who offers it, right?
And so the big thing we’ve seen happen in the last couple months is both Amazon and Walmart now are both supporting passkeys online. So if you’re really into strong authentication and not being subject to account takeover, you can actually do something about it. And hopefully other merchants will see what those two bellwether companies are doing and follow suit. It’s to be determined if we see the banking industry do that. But one would hope, right. One would hope.
Bryan Derman: Yeah, I was going to bring that up. It’s another one of these things that in a quiet way, you know, a year or two from now, we might look back and say, well, 2024 was kind of the year of the passkey. After talking about FIDO and all of that for five years, in 2024, it really started to happen.
Russ Jones: Yeah, we had sort of a love hate type of relationship with passkeys here at Glenbrook, a lot of hope earlier in the year as they started rolling out, finally the future is here. But it turned out the usability wasn’t everything it was cracked up to be. So there was a lot of work to be done there and a big step in that direction was the annual software releases from Apple this year included pretty robust passkey, password management, passkey support. And when Apple starts getting involved in usability, the usability usually goes up very dramatically. So we got some high hopes there. And then Mastercard sort of flabbergasted a lot of people this year by putting the stake in the ground around 2030 to eliminate direct entry of card data in Europe. And they’re falling back on passkeys and they’re falling back on tokenization and digital wallets to make that happen. Sort of a really ambitious goal for sure.
Bryan Derman: It takes us to such an interesting place where you can, if it’s not already the case in a year or two, you could see where the most suspicious online transaction you can do is going to be one where somebody key entered a number and an expiration date and a security code into a website instead of using a digital wallet or a passkey.
Russ Jones: The only way it could be more suspicious is if you did that over the telephone.
Bryan Derman: Exactly. So what started as a convenience is turning into a major security benefit.
Russ Jones: You know, the big news there, I think, is it’s still a convenience, and our thesis in digital payments, you know, is in today’s world, because of the evolution in smartphone technology, you don’t have to trade off security and convenience. The two actually can coexist very peacefully and reinforce one another. For forever it was like, well, yeah, it could be more secure, but it’ll be harder to use. And that’s not the case anymore.
Bryan Derman: Yeah. When you when you get them to work together, you’ve usually got a winner.
Elizabeth McQuerry: That was a question I was going to ask. To what extent do we think that passkeys can minimize authorized push payment fraud?
Russ Jones: Well, the thing is, you have to draw the distinction between payments fraud and commerce fraud, right?
Elizabeth McQuerry: Okay.
Russ Jones: What I always like to say is then the payment system does exactly what it’s been told to do. So an account holder strongly authenticates their self to their bank, maybe even using cryptographically, using passkeys and instructs their bank to initiate a payment to a fraudster. Perfect.
Elizabeth McQuerry: So the duped or mule scenario will not be minimized at all, clearly, because that’s complicit in the process, but someone’s not going to, well, unauthorized take over my account with a passkey, or certainly not as easily.
Russ Jones: Yeah.
Chris Uriarte: That is true. Yep.
Russ Jones: Yeah. You still have the whole social engineering thing.
Elizabeth McQuerry: Yeah, sure, sure. I was noticing that just on these security features, not a passkey by any means, but in Brazil, Pix is now requiring as a payment system that you register your phone number that you want to make Pix transfers on to a financial institution, not just, I can go on and do this online wherever I access my account. I can only do a certain amount of transactions using my particular mobile device. Triangulating this a bit. Yeah, it’s a pretty new requirement. So it’s unclear what the effect is going to be, well, empirical effect.
Bryan Derman: This is a hard problem, but in some ways, this is what springs up as new payment systems come into usage. We’ve got enough fraud on our old payment systems, but then you bring in new ones, and they’re based on modern technology, so they move money in real time or near real time, typically in a revocable fashion, though maybe we’re chinking away at that notion a little bit. Elizabeth, why don’t you talk to us a little bit about the state of faster payments? It’s not a new thing anymore, but it makes a lot of progress every single year as it did this year.
Elizabeth McQuerry: Yeah. It’s funny. We may have faster, instant payments to thank for bringing up the need to do more about fraud. Of course, in the United States, we’re not clear that there’s a real connection there between them. Of course, they’re not widely used yet either in a retail sense.
But, now we’ve had FedNow as well as RTP and Zelle for a number of years, and we’re starting to see even FedNow is releasing its volume number. So it does have customers, think it was around 330,000 for the quarter transactions. But what was really striking is the average value of a transaction on FedNow.
And I know it’s high in RTP as well, but 52,000 dollars. I don’t know anyone who would truly argue that’s a retail payment, right? That’s a wire substitute currently. And of course, that will make it very attractive to fraudsters if that’s how it remains because that’s where the money is. So I’m sure that’s a concern, to manage that here in the US. But everywhere else, we just saw the recent report from AfricaNenda, with now over 30 instant payment systems on the continent of Africa. New systems in South America coming up, Bre-B in Colombia. So, a little bit situation like here in the US where the private sector payment operator also had a instant payment system, and now the central bank is going to offer one as well.
So they’ll be competing against each other in the market, hopefully, because they’re both very concerned about high prices and low uptake that the competition inducing effect is what certainly the regulator is after. Asia still has some countries without an instant payment system.
I’m sure as we’re starting to talk more and more about cross-border instant payments and Nexus there, that we will start to see more emphasis on those countries that need still an instant payment domestic system in Asia. But my gosh, I know I’m crossing payment systems and topics here.
But what a year cross border has had, right? I think particularly in emerging markets. We see UPI international going gangbusters. Lots of different experiments, including the conclusion of the project Nexus test case or pilots. And now they’re going to try to move into some sort of limited selection of countries in Southeast Asia to do something that’s not on a pilot basis.
And we’ll see if the central banks can lead the way here in countries where the private sector is not always as adventurous, to make this happen. I also just look at what’s happening in Europe right now, of course, another regulatory push to make instant payments a mandatory part of SEPA.
SEPA, by its very existence being cross border, but now we’re talking about instant payment cross border as a mandatory option. And SEPA is kind of easy to overlook in a way because it happens on its own timetable just like everywhere else. But if you look at what’s been happening in Spain before the mandate, we recently were shared a statistic from the Spanish provider Iberpay about instant payments in Spain. Already 54 percent of all payments in Spain, 54%, not mandatory. That was really surprising in the European context. So a lot going on out there in the instant cross border merging complex.
Bryan Derman: How do you think that will unfold, Elizabeth? We’ll have some unique elements like SEPA, where a whole group of countries dive in all at once. Outside of Europe, do you think this happens on sort of a corridor by corridor basis, or does it get multilateral very quickly?
Elizabeth McQuerry: I think multilateral is becoming more and more common. Just the bilaterals, they’re probably great for the first country selection, but after that, very diminishing returns. So multilateral is more bang for the buck. I also think that the notion of interoperability is clearly shifting towards what we, I think, at Glenbrook over time have distinguished as technical interoperability, right?
So it’s not scheme to scheme, it’s provider to provider, and they can connect to a regional multilateral scheme and do a lot more very quickly than scheme to scheme interoperability. Maybe we’ll see some of that in the US as well.
Chris Uriarte: Yeah, it’s interesting, Elizabeth. I think your point about Spain is particularly interesting because I assume when you’re talking about real time payments in Spain, that’s also taking into consideration what’s happening with Bizum, which is a scheme that has been created from the banks there, and I think that’s interesting the way that you see these patterns occur from country to country because the Spanish story kind of also mimics the Zelle story here in the US, right, where it really addressed the lack of a use case that we needed in the US, and same thing happened in Spain. And in the US, we had Early Warning, which is not all the banks in the US, but led by, owned by the largest banks in the US, created Zelle, and then it got critical mass from there and is almost ubiquitous across all banks, and that seems to be the same pattern that has followed with Bizum in Spain as well. So, these systems are popping up domestically that are, consumers are starting to think more in the real time mindset for these payments as these tools are now put in their hands, and it would be interesting to see how these themes like interoperability between systems, et cetera, plug into what has already been built and been accepted by the different demographics there. Spain’s a great example. I think.
Elizabeth McQuerry: Yeah, absolutely. I think of Bizum where the statistics related company where it came from that it’s like SEPA instant payments, but with a national directory. A funny little story from the Chicago Fed Payments Symposium, where they were just talking among different global providers about the directory and how it is an enabler to have alias directory of either mostly mobile numbers, but emails that you can send to as opposed to account numbers. I’m sure someone from the US context commented that, how fortunate that you were able to start another, I think this was Thailand, an instant payment system with a directory from the get go. And I think the person from Thailand basically said, I can’t believe you didn’t.
Bryan Derman: Isn’t the Thailand system claiming that it is scaling faster than Pix?
Elizabeth McQuerry: That’s quite possible. I’m not up on all of the data points here, but they’re doing very well in cross border. Of course, Pix officially hasn’t crossed that threshold, though some of the providers may be doing it from there. So a lot of cross border, person to business payments enabling in that region.
Bryan Derman: Really interesting. Shifting gears a little, Drew, something we’ve talked a lot about through the year is the advent of orchestration, primarily in the merchant payment operations, although we talk about all sorts of things being orchestrated, but bring us up to speed on the state of play this year, at least in merchant orchestration.
Drew Edmond: Sure. I think the coming of age story for orchestration is still being written to a degree. I think we have a foundational expectation now of what that term is defined as really, and really expecting the ability to have that single API connection into multiple PSPs, multiple payment methods, expanding now into integrating best in class fraud tools and things like that.
And that concept of being able to orchestrate is, this year we talked about differentiating between little o orchestration and big O orchestration, because that practice of doing that is not new, right? Merchants have been going out and choosing the right solutions for their kind of internal payment stack and external providers and building that themselves for years now.
But I think the evolution to democratize that a bit where less resourced or less sophisticated merchants that don’t have large engineering teams necessarily that they can throw at this capability, now they can go out and find providers that really enable that for them and make it much easier to do so, whether they want to do that on a relatively holistic basis.
I think that’s kind of where we’re growing towards where there’s types of capabilities that these large O orchestration providers can provide and the breadth of the different types of providers and the ability for these solutions to essentially replace what would have been your internally built payment stack is really growing.
And so depending on what your needs are as a merchant, you might be a relatively sophisticated enterprise merchant and you still say, Oh, well, maybe we’re going into the Latin America now, and we don’t have the resources to grow as quickly as we want to from a speed to market perspective.
Well, we can use a provider that can get us there a lot faster. So maybe it’s not replacing everything holistically, but it is doing it maybe in a particular region to help you with speed to market and to leverage your resources more effectively. Or if you’re a smaller merchant or just generally have fewer resources, you can do that more holistically.
And so I think that that’s where we see that world expanding to now, where if you want to, you can start to really think about using these providers as your kind of internal payments hub as these capabilities continue to grow. We’ve kind of moved from, what is orchestration, people are trying to wrap their head around the definition and transaction routing, smart routing, and things like that. And now it’s, all right, what else can you do for me? How can you help me do more with less essentially?
Chris Uriarte: One interesting thing that popped up, I was thinking about last week, Drew, on this topic is I was speaking on a panel about orchestration last week, of course, what else would I be speaking about these days? But there was a question that was posed by the audience, which is an issue that I think Bryan and I faced this question earlier this year with a large retailer, which was when we’re talking about orchestration, it seems like we’re always talking about eCommerce, right? But what about omnichannel orchestration and does such a thing really exist? And I think our thoughts were, and my fellow members on the panel as well, that they kind of agreed that that’s really in a different space, right?
As we do have some providers out there that are providing, maybe would be considered payments hub type technologies that have the ability to do multiple connections to multiple payment networks and maybe interface with different types of systems, POS systems, eCommerce systems, but they’re really a different animal from, say, the modern orchestrators that I think we tend to talk about when we’re talking about orchestration.
So maybe as we think about our continued refinement of this definition of orchestration, I know our colleagues, Samantha and Simon have done a lot of work on this this past year, we need to incorporate that a little bit more into the context that really eCommerce seems to be the leader when we’re talking about these orchestration technologies today, right?
Drew Edmond: I think that’s right. And moving beyond the notion of thinking of orchestration as just routing. I think that’s been the core of it. And now we’re talking about things like reconciliation. We’re talking about payouts, dispute management, taxes. This is really expanding the kind of the merchants payments operations hub more than it is just thinking about how do I get this transaction to maybe this PSP and if that fails, we go to this PSP.
Bryan Derman: I think the whole omnichannel thing comes more and more into focus every year, and you saw a lot of that, and I think the network rules have gotten a lot friendlier in terms of, what seems like a quaint old term, what we used to call card not present transactions. If they’re not a majority of what we do today, they’re well on their way to it because it’s happening at restaurants and takeout places and you go into one of the large drug chains and they don’t even want to bother handling your card. Should we just charge the card on file, they’ll say at the prescription counter at the pharmacy, and it’s just sort of no big deal to do it that way. Or, let me text you a link where you can complete the payment so you don’t have to read me your card number over the phone, the way Russ was teasing me about. So many new ways to do it and more openness to it with liability shifts and biometric authentications and the two are becoming a lot more, more the same, it seems to me, and sort of coordinating that consumer across tokens, across environments, all of that is going to be a bigger and bigger deal I think coming into next year, be a thing to watch. How do we track that consumer around?
Russ, I mentioned tokens. I know that’s a topic we just can’t stop talking about. So why don’t you put a capstone on tokenization for the year?
Russ Jones: Well, we were bullish about tokenization 10 years ago. We talked earlier this year about the steady march of more and more and more tokenization and we’ve certainly seen that. Visa and Mastercard both talk about 25 to 30 percent of their payment volume that goes through their networks is tokenized authorization request. and that’s not all Apple pay for sure, but a lot of it is merchants that are now basically putting digital cards on file instead of traditional physical cards on file and they’re doing it in a tokenized form factor.
So steady drumbeat, those numbers are not going anywhere but up. Something that we continually watch and have our eye on going forward. And I’ll also say that it’s not just any one thing. It’s everything. One of the things that’s new in 2024 coming into the market is the Paze digital wallet being offered by the major banks in the US and guess what? It’s all about tokenized digital cards. And why shouldn’t it be? That’s the drumbeat.
Bryan Derman: How much progress do you think is being made in the non card payment forms? In theory, this is a good thing for all pull payments, right?
Russ Jones: Yeah, it is. But, I think if you go back to first principles here, the thing that’s exciting about the digital card, which is the tokenized data payload, is it’s got a dynamic security code with it. It’s got the cryptogram with it and that same exact cryptogram is what you see at the point of sale in the chip card.
So to some extent, physical cards at the point of sale don’t need to be digital in nature. It’s fine they’re physical, because all the benefits you get, not all, but the primary benefit is the dynamic security code. And the big macro trend in the industry, of course, is to shift from static security codes to dynamic security codes. Good for everybody except criminals.
Bryan Derman: Exactly. Wanted to take us on to another thing we said we’d be watching this year, which was the continuing evolution of BNPL. As we sit here we’re recording just after the Thanksgiving holiday, Black Friday in the rearview mirror, Cyber Monday, et cetera, and a heavy and shortened shopping season here in the US, less than a month to go before the year-end holidays all around the world. And my basic perspective on BNPL is, my plea is, can we stop talking about this as if it’s some kind of a new thing and we’re waiting to see whether it’s going to work? This thing is here and it’s popular, people, so deal with it.
Chris Uriarte: It’s true.
Bryan Derman: Klarna is finally going to go public next year, but it’s a 20 year old company. Affirm is 12 or 13 years old. This is no longer a new thing. After Pay, et cetera. I think regulation is still catching up with it. That’s probably a good thing. We’re still thinking about how it fits into a broader spectrum of consumer credit, sometimes business credit too, but primarily consumer credit and how are the bureaus going to treat it and all of that. It’s here. So you better figure it out. It’s here, it’s popular, and in a lot of ways, I think it’s a good thing, right? It is a big evolution and in consumer choice, in a lot of respects, I see it as potentially a more responsible way of borrowing than to simply put a lot of stuff on your credit card and try to figure it out later.
You see, in many respects, the credit card issuers embracing it in their own ways alongside the BNPL specialists. But consumers like this and it’s working for them. There will be hiccups. It’s still not as seasoned a form of lending as some other types like credit cards. There will be hiccups from other players.
But as I said, we’re 15 and 20 years into this with some of the mature players. So I think in some ways the big shakeout might be behind us. We’ve kind of weathered it and this thing’s taken its place, alongside a lot of other mainstream payment systems and it is going to be with us for the foreseeable future and probably get bigger for quite a while.
Russ Jones: Bryan, we were looking at a couple of months ago, some data from Bank of America Institute, which is like the research arm of Bank of America, and they were doing analysis on Bank of America accounts and transactions and trying to understand Buy Now Pay Later. Their findings showed that 11 percent of the Bank of America customer base was actively paying Buy Now Pay Later installment payments. This is the Bank of America Institute, they’re kind of bullish on it, the whole phenomena because the trend was slowing down. The growth in installment payments was still substantial, but the trajectory was not quite as steep. Once again, sort of reflects your comments about its maturing a bit.
Bryan Derman: Maybe it’ll never be as big as credit cards. It would take a long time for anything like that to happen,
Russ Jones: Yeah. Oh, yeah.
Bryan Derman: but can we call it mainstream at least? It’s not emerging. It’s here.
Russ Jones: I’d say it’s pretty mainstream.
Bryan Derman: Anybody care to disclose how many installment plans you’re making payments on a month?
Drew Edmond: I think you pretty much nailed it, Bryan. I think that it’s probably something that’s not for necessarily everyone. Not that everyone’s going to use it and needs to use it.
Russ Jones: Credit cards aren’t for everybody either.
Drew Edmond: That’s right. Absolutely. I think you see the different usage patterns across different generations and things like that. There’s always going to be some ability for misuse when it comes to consumer loans, whether it’s a credit card or Buy Now Pay Later loan, whatever it might be. And so I think, of course, as it matures, that kind of the education level rises as well in across the ecosystem for how it should be used. And then regulation hopefully catches up to just put the guardrails in place so that it’s not overly misused. And so I think that given that it is here to stay, the expectation is that we should continue to see it marginally grow for the foreseeable future until it plateaus to the population that expects to use it regularly.
Bryan Derman: And I think debit is still finding its natural share of the market. So I would bet that BNPL has some way to run. But we will see, we will keep watching it. Drew, do you want to take us home with your favorite product. Talk to us about the state of recurring subscription payments, incredibly popular form of commerce these days. What are you seeing on the payment side of it?
Drew Edmond: Yeah, absolutely. I think one thing that I’m keeping an eye on next year as, looking back on this year, seeing kind of the growth in just the solution providers that are thinking about how to provide more control to consumers when it comes to their subscriptions and now with issuing banks, for these card holders, embedding that control into the bank portal, whether that’s an application or online, to be able to cancel or pause or change how they’re interacting with the subscriptions that they have. That’s going to be huge. I think that’s a really important thing as we have more and more of our lives in this recurring mode where we have multiple subscriptions for many things and trying to keep track of when you’re getting billed, how much you’re getting billed, am I still using this, that type of conversation that everyone has running in the back of their brains, maybe all the time sometimes now. Now you have just more control as a consumer to manage that for your finances and for what you’re expecting to do. So I expect to see that become more popular. We’ve seen regulation from the FTC, one click to cancel and things like that, which again gives just a little bit more power back into the hands of consumers, more ease to cancel those subscriptions when they do so choose to.
I think we’ve lived in a world where some, some merchants have gotten away with making that a little bit too challenging and as a result, it’s swung in the other direction from a regulatory perspective. And that’s kind of the theme that I’m looking at for 2025 is just the power of the control in the hands of subscribers. And then of course, the impact on merchants too, right? I mean, there’s going to be a reaction to that action. And merchants will see that reflected in different ways, whether that’s maybe in the decline codes that they see in some of these transactions or how they have to think about interacting with these solution providers that are working with these banks to say, Well, how do I get in there to continue to interact with my customer and influence them where I can.
What is the level of influence that they should have at that point is a question as well. And then furthermore, within the products themselves, how do you as a merchant react to knowing that now your customers have this control, how does that change how you market to them, how you communicate with them and all that. So there’s a lot to think about.
Bryan Derman: We’ve done a lot of work on what we call involuntary churn, like trying to avoid having payment system problems cause subscriptions to lapse. But there’s going to to be more focus on voluntary churn, if we can call that. How do I keep customers now that they’ve figured out how to cancel?
Drew Edmond: Exactly. Right.
Elizabeth McQuerry: Related to what Drew was saying about more consumer control agency in the payment process. I think one of the things that I’m looking for to see advance, ever so slowly, if surely in 2025 is, is there some sort of dispute resolution mechanism or some more dispute framework around faster payments in some of the markets.
Because we keep hearing inklings of that, but as you can imagine, that’s a pretty far stretch from where those payment systems are today. But there’s a hunger for it out there and we see bits of it, I think, possibly in other countries, but not in a wholesale way yet. So look for that one.
Bryan Derman: Such an interesting and different version of fraud control, right? Chris’s mule example really calls this out, like, how do I substantiate the claim that somebody’s making that they were duped, right, or manipulated into sending money to the wrong person? Maybe they were and maybe they weren’t.
Elizabeth McQuerry: I think it’s highly related to that for sure. But I also think about, well, it’s an extra step to just send the money back if I don’t want this product, right? And how do I do that within the whole eCommerce, et cetera, envelope, right? How do I link it to the product and et cetera?
Bryan Derman: Well, team, this has been a great discussion. We could go on for two more hours, I’m sure, and have a whole other list of things we didn’t even get to. But that’s a pretty robust review of the year. And I think every one of these is a topic that will be on our hot list for next year. So I look forward to tracking these trends alongside you and we’ll get together again in the new year and see how they’re playing out. Until then, we’ll wish everybody a very happy holidays and a good year in payments.
Chris Uriarte: Thanks, everybody. Thanks, Bryan.
Russ Jones: Thank you.
Elizabeth McQuerry: Thanks.
