Key debates in payments tokenization – Cost & Control

In Payments, Tokenization has surfaced two key points of debate for financial institutions. The first has to do with bank partnerships with technology providers like Apple, Google, Samsung et al – and how these partnerships need to be equalized around the topic of cost and control. Though the fear of disintermediation isn’t new, concerns about costs, data sharing and customer privacy has received a disproportionate share of this internal debate. Following is a brief perspective on how this is further shaped within banks and the downstream impact to those who intend to wrap them.


Fear of vanishing interchange has compounded banks concern about costs of participation from technology providers – Apple Pay’s 15bps is one such exigent circumstance. The rumored Costco/Visa/Citi deal under which any non-Citi Visa issuer can expect to make 30bps from a transaction can also expect to lose half of it to Apple if Costco ever moved to accept Apple Pay. Credit card issuers do not want to pay for the privilege of being included, and certainly not at the cost it’s made out to be.

Attempts to address this fear has manifested in Visa’s commercial framework VDEP deriving two key benefits to banks tokenizing their portfolio with Visa: technology partners cannot impose new costs for participation, and “all you can eat” consumer data buffets are shuttered.

That was the gist of the message conveyed by Visa to Apple last month in Cupertino – that it will lose the coveted 15bps when the rolling AP issuer agreements expire. The timing even works to the bank’s advantage, because it would be expiring two years in to the EMV shift – and the hope is that mobile payments would have found solid footing among the John Q. Public by then. Time will tell.

Further, the operating (OBO/Life cycle management) costs incurred by an issuer for tokenization aren’t restrictive today even for those with large portfolios – and networks are in the process of lessening the blow by temporarily waiving some of the downstream costs such as for provisioning. These “altruistic” measures have helped in starting to seed the landscape with mobile enabled bank issued credentials that are payments ready, while removing many incentives for the banks to stand up their own tokenization capabilities.


Banking is moving from branch to mobile – irreversibly from a wholly owned and curated experience inside a branch – to a collection of apps and services that are consumed by other apps and services, no longer built by a single or even the same depository institution. It is no longer feasible or desirable for a bank to want to control how a customer chooses to pay someone, it’s goal is to enable and simplify the payment experience regardless of the location the customer may find himself at, using whatever device the customer may have accessible. None the less, the current state hardly implies an open barn door, for the bank is solely responsible in enforcing consumer protection measures straddling data sharing and customer privacy.

It is with that in mind, networks in their role as tokenization providers are starting to limit what these new enablers can see in to the transaction stream. For example, VDEP limits Apple, Google and others to access less than 10 prior transactions made on the device. Thus, Google Wallet can only access the last 10 transactions made using GW on a BofA credit card – not the transactions that were made using a plastic card.

I have written both sides of this – and am conflicted about how this erodes customer experience. On one side – there is little utility in to viewing a subset of one’s transactions – and its a move wholly reminiscent of “what’s best for the bank, not what’s best for the customer. On the flip side – here’s what I wrote in February about Apple Pay/Passbook becoming the layer of abstraction over a bank deposit or credit account, and that banking apps are now passé.

“Tokenization was that layer of abstraction over payments – that allowed the decoupling between the credential originally issued by the bank, and the one accepted by the merchant during the lifetime of that credential. This trend of abstraction will continue beyond payments – in to other services – whether it be depositing cheques, managing deposit accounts, loan origination, money movement, so that the front line is managed by someone entirely other than the bank. And it no longer will be enough for a bank to say that they have a vertically integrated app that exposes some or all of these services in mobile – instead, they will be judged on the efficacy of extending these core services in to new platforms wholly owned by others. We may increase our interaction and engagement with a bank – but those won’t happen inside a branch or even within its own app. The sooner a banker reconcile with that statement, the quicker they can remove themselves as the chokepoint.

Hence, It is my belief that banking apps are now passé. Regardless of what banks tell themselves, (that – banking apps are a source of differentiation) – truth is that app usage for banks coalesce around two primary customer use-cases – check balance/view incoming transactions, and deposit cheques. At the launch of AP, I wrote that AP is the only bridge to payments in iOS for banks. Now, there is the real possibility that Passbook will become the preferred way to interact with your bank.”

Like interchange, this fear is being addressed in the commercial agreements drawn up for bank partners, so that boundary lines are drawn inside apps and services to corral payment data away from the rest. Apple, Google and rest can choose to circumvent these measures and directly negotiate data sharing arrangements with banks – Passbook’s fettered access to American Express transaction data is a clear example. That said, due to the fears referenced above, banks have little to gain and much to lose. Where is the consumer in all this – is a question largely left unanswered.

Board of Advisors at SimplyTapp - creators of Host Card Emulation driving democratization and open access to NFC in Android. Mobile Commerce & Payments Lead at Experian Global Consulting, serving Experian's clients in Banking, Retail, Consumer Credit & Payments. A strategic adviser w/ over 17 years of international Tech & Business Strategy consulting, advising firms in banking, retail & asset mgmt that seek clarity & insight in to the myriad business models around payments, fraud & commerce. Founded DROP Labs, a mobile payments/commerce strategy & advisory practice. Tweets here. I'm on LinkedIn here.
Cherian Abraham
View all posts by Cherian Abraham
  • FrankT

    Given these restrictions I hope that Apple and Google start dusting off their plans to issue (or in Apple’s case promote) a co-brand credit program to at least give users an option to get the best experience possible.

    The benefits to users would be a great experience, increased access to credit, and rewards from distinctive brands.

    Apple and Google should benefit too. The issuing bank who is lucky enough to win the co-brand deal ought to be providing relief for all those small ticket transactions coming from iTunes and Google Play. In the US, a fixed fee of $0.22 on a $0.99 song is a travesty. They get to demonstrate through the co-brand program how a credit card should act inside one of their wallets. Each wallet can still accept any other issuers cards but the experience with the Apple or Google branded card would stand in stark contrast.

    Millenials often have thin credit files on which to make credit decisions. Many may find it hard to obtain credit. With Apple and Google’s capital reserves perhaps they would be more willing than a traditional bank to extend credit into this thin file population. They can offer a portfolio of co-brand products that allows consumers to grow into an unsecured revolving product.

    Apple has two years to figure it out – the value they can derive from the spend coming from a co-brand program could be orders of magnitude more than 15 bps. They also have a start with an Apple co-brand card they already issue with BarclayCard.

    Google has even more to gain given the broad range of products and services they have in market and the pipeline of services to come – they desperately need a way to help users finance all the products and services they could be buying from Google in the future.

    BarclayCard is the incumbent with Apple. Google needs to understand the valuable position they have with issuers and the value they can achieve by issuing a co-brand.

    The collective actions on behalf of the issuers in the name of tokenization may just force Apple and Google’s hands to make one of those issuers a “King”.

    • droplabs

      Google and Apple could launch plans to directly underwrite device loans for their devices, now that subsidies are effectively gone – and in Google’s case, such a program is already available to employees. There’s also more value in it for Google – to underwrite that risk to breathe some life in to the Nexus line as well. It’s not that they need to put their own dollars in play – there are enough consumer lenders willing to underwrite these loans, based on a more informed risk management approach that leverages traditional and alternative datasets.

  • Scott Harkey

    I think one of the challenges for Apple/Google/Microsoft/Samsung is that the best experience and potential for direct benefit (outside the bps, which were never going to stick) comes from deeper integration with the banks (rewards programs, faster settlement, batched settlement charges, better security, transaction info etc); but integrating with banks is really hard to scale. It’s one thing to go and sign up the top 4-5 issuers in the US or UK for direct integration, but in more fragmented markets (and even the long tail of US issuers) you currently need something like VDEP or MC Program Management to even have the most basic integration between issuers and the wallets.

    I actually think this creates some pretty strong business cases for 3rd party financial service providers that are already integrated into banks to start working with the Google/Apple and re-create some of the deeper integration mechanics that the big banks are/should be doing themselves already. I have no doubt that the teams at FIS and the like are exploring this, but it’s equally important for the wallets to recognize the value of these partnerships AND create the right value proposition for issuers.

    Instead of starting issuers conversations with what they want FROM the issuers, I think the conversation should start with what value Google or Apple or Samsung or Microsoft (or any company looking to take over an aspect of the bank’s customer relationship while also seeking partnership with the bank) will create FOR the issuer. This changes the dynamic of the conversation. Most banks are both scared of the tech companies coming after their business while also really eager to partner with them due to their relationships with the banks customers. Point being – if it’s clear up front the value that a bank will get from a partnership then it’s a lot easier to then talk about specific things they are willing to give up (marketing spend, data share, customer engagement in certain channels, reduced interchange) and directly trace it to the value that they can generated from this concession. This is how executives make decisions at most big banks.

    The story line in the media of banks being overcome by FinTech has created such a warped perception of how the banks view Apple/Google etc that the tech companies seem to feel that they inherently have the upper hand and they simply can just tell banks what to do. I’d argue that the ones who will be most successful will find the right banks/partners that can agree on a shared vision and therefore create a true partnership that equally rewards both parties.

    • droplabs

      Agree that these are lopsided partnerships today – vs leading with shared risk and value. Much of that is driven by fear – “Be the first in wallet to enjoy top of wallet”.