Key debates in payments tokenization – Cost & Control

In Payments, Tokenization has surfaced two key points of debate for financial institutions. The first has to do with bank partnerships with technology providers like Apple, Google, Samsung et al – and how these partnerships need to be equalized around the topic of cost and control. Though the fear of disintermediation isn’t new, concerns about costs, data sharing and customer privacy has received a disproportionate share of this internal debate. Following is a brief perspective on how this is further shaped within banks and the downstream impact to those who intend to wrap them.


Fear of vanishing interchange has compounded banks concern about costs of participation from technology providers – Apple Pay’s 15bps is one such exigent circumstance. The rumored Costco/Visa/Citi deal under which any non-Citi Visa issuer can expect to make 30bps from a transaction can also expect to lose half of it to Apple if Costco ever moved to accept Apple Pay. Credit card issuers do not want to pay for the privilege of being included, and certainly not at the cost it’s made out to be.

Attempts to address this fear has manifested in Visa’s commercial framework VDEP deriving two key benefits to banks tokenizing their portfolio with Visa: technology partners cannot impose new costs for participation, and “all you can eat” consumer data buffets are shuttered.

That was the gist of the message conveyed by Visa to Apple last month in Cupertino – that it will lose the coveted 15bps when the rolling AP issuer agreements expire. The timing even works to the bank’s advantage, because it would be expiring two years in to the EMV shift – and the hope is that mobile payments would have found solid footing among the John Q. Public by then. Time will tell.

Further, the operating (OBO/Life cycle management) costs incurred by an issuer for tokenization aren’t restrictive today even for those with large portfolios – and networks are in the process of lessening the blow by temporarily waiving some of the downstream costs such as for provisioning. These “altruistic” measures have helped in starting to seed the landscape with mobile enabled bank issued credentials that are payments ready, while removing many incentives for the banks to stand up their own tokenization capabilities.


Banking is moving from branch to mobile – irreversibly from a wholly owned and curated experience inside a branch – to a collection of apps and services that are consumed by other apps and services, no longer built by a single or even the same depository institution. It is no longer feasible or desirable for a bank to want to control how a customer chooses to pay someone, it’s goal is to enable and simplify the payment experience regardless of the location the customer may find himself at, using whatever device the customer may have accessible. None the less, the current state hardly implies an open barn door, for the bank is solely responsible in enforcing consumer protection measures straddling data sharing and customer privacy.

It is with that in mind, networks in their role as tokenization providers are starting to limit what these new enablers can see in to the transaction stream. For example, VDEP limits Apple, Google and others to access less than 10 prior transactions made on the device. Thus, Google Wallet can only access the last 10 transactions made using GW on a BofA credit card – not the transactions that were made using a plastic card.

I have written both sides of this – and am conflicted about how this erodes customer experience. On one side – there is little utility in to viewing a subset of one’s transactions – and its a move wholly reminiscent of “what’s best for the bank, not what’s best for the customer. On the flip side – here’s what I wrote in February about Apple Pay/Passbook becoming the layer of abstraction over a bank deposit or credit account, and that banking apps are now passé.

“Tokenization was that layer of abstraction over payments – that allowed the decoupling between the credential originally issued by the bank, and the one accepted by the merchant during the lifetime of that credential. This trend of abstraction will continue beyond payments – in to other services – whether it be depositing cheques, managing deposit accounts, loan origination, money movement, so that the front line is managed by someone entirely other than the bank. And it no longer will be enough for a bank to say that they have a vertically integrated app that exposes some or all of these services in mobile – instead, they will be judged on the efficacy of extending these core services in to new platforms wholly owned by others. We may increase our interaction and engagement with a bank – but those won’t happen inside a branch or even within its own app. The sooner a banker reconcile with that statement, the quicker they can remove themselves as the chokepoint.

Hence, It is my belief that banking apps are now passé. Regardless of what banks tell themselves, (that – banking apps are a source of differentiation) – truth is that app usage for banks coalesce around two primary customer use-cases – check balance/view incoming transactions, and deposit cheques. At the launch of AP, I wrote that AP is the only bridge to payments in iOS for banks. Now, there is the real possibility that Passbook will become the preferred way to interact with your bank.”

Like interchange, this fear is being addressed in the commercial agreements drawn up for bank partners, so that boundary lines are drawn inside apps and services to corral payment data away from the rest. Apple, Google and rest can choose to circumvent these measures and directly negotiate data sharing arrangements with banks – Passbook’s fettered access to American Express transaction data is a clear example. That said, due to the fears referenced above, banks have little to gain and much to lose. Where is the consumer in all this – is a question largely left unanswered.

Board of Advisors at SimplyTapp - creators of Host Card Emulation driving democratization and open access to NFC in Android. Mobile Commerce & Payments Lead at Experian Global Consulting, serving Experian's clients in Banking, Retail, Consumer Credit & Payments. A strategic adviser w/ over 17 years of international Tech & Business Strategy consulting, advising firms in banking, retail & asset mgmt that seek clarity & insight in to the myriad business models around payments, fraud & commerce. Founded DROP Labs, a mobile payments/commerce strategy & advisory practice. Tweets here. I'm on LinkedIn here.
Cherian Abraham
View all posts by Cherian Abraham