Payments data has become a crucial cornerstone for any company that processes transactions. Despite the availability of powerful analytics tools, many companies can’t leverage the true potential of their payments data because their information is siloed and scattered across multiple systems.

In a recent PaymentsJournal podcast, Mike Meeks, Chief Technology Officer at BHMI, Jon Protaskey, Director of Software Engineering at BHMI, and Brian Riley, Co-Head of Payments at Javelin Strategy & Research, discussed the approaches that enable companies to tap into the power of payments data.

Transforming Transaction Data

Payments data is consolidated through a secure centralized repository where transaction data is stored, managed, and accessed. The first step is to pinpoint all relevant sources, such as data from authorization systems, information from external transactional systems, and even data from internal CRM systems.

Then the data is extracted using methods like APIs, parsing of structured files, and database queries. That captures a wide variety of payment-related information like transactions, customer details, and financial records.

After extraction, the data is transformed into a standardized format and enriched, where necessary, with details like client participation, programs, relationship with other participants, and billing terms. The data is then integrated into a central repository.

“There was a time when it made sense to have payments data in silos, whether it be for security reasons or simply the limitations of technology,” Riley said. “However, now being able to bring it all together into an actionable form is truly transformative.”

Key Competitive Advantages

Throughout the process, consolidation providers should prioritize data governance, delineation of ownership, implementation of access control, and compliance. Once the consolidation is complete, businesses will have several key advantages.

“The biggest advantage of a consolidated payments data platform is it gives companies a uniform enterprise view of all their transactional data,” Meeks said. “It’s a challenge to implement an enterprise-wide data management strategy that provides access to all payments data regardless of transaction type or source. However, the centralized viewpoint makes it worth the effort.”

A data repository can eliminate challenges like duplicate data or missing data due to silos. It also allows businesses to normalize data from disparate sources to make it more understandable. Payments data consolidation sets up companies to leverage advanced analytics and reporting tools that can generate real-time insights. That enables informed decision-making and improves operational efficiency.

As data is ingested, a company could calculate fees, reconcile transactions from different sources, and link transactions from diverse sources to create transaction life cycles. The business can also process disputes as soon as the data arrives.

“On top of those benefits, there’s a substantial cost savings that goes along with it,” Protaskey said. “Eliminating data silos from redundant systems reduces overall maintenance costs and lowers a system’s complexity. It allows companies to allocate resources more efficiently and focus on innovation and value-added activities, instead of wrangling data and reconciling disputes.”

The Right Repository

Payments data consolidation hinges on the data repository, so it’s important to select the right platform from the start. The process starts with examining disparate systems and detailing how they will be tied together.

“It takes time and expertise to do it right, but putting in the effort to create an effective system is just good data hygiene,” Riley said. “The beauty of the process is once it’s set up properly, the inputs become routinized and the structure can be repeated, or enhanced, as time goes on.”

Because there are a wide variety of data sources that all have unique characteristics, automating data loading can have a significant impact. It simplifies the data-gathering process and takes the load off operations staff.

Data should be continuously loaded through a real-time feed or by chasing an authorization log file. That allows a business to substantially improve their ability to meet tight SLA windows at the end of the business day. It’s also important to have a repository that can ensure data quality. If a transaction record doesn’t pass validation checks, the system shouldn’t stop processing.

“A best practice is to set the transaction aside into an exception list, continue processing, and notify operations staff,” Meeks said. “Oftentimes, it is a simple issue like a new merchant has been onboarded, but their configuration wasn’t entered into the system. Operations staff can correct the issue and resubmit just the exceptions for processing.”

Right for the Future

Another important aspect of a data repository is that it’s scalable, and not just in terms of supporting increased transaction volumes. The system should also support constantly evolving payment types. For instance, the protocol for card transactions is ISO 8583, but systems should also be able to handle ISO 20022, which supports the emerging real-time and cross-border payment types.

“It’s important to address your current needs, but it’s just as important to get it right for the future,” Protaskey said. “The repository should be flexible enough to leverage future technologies like AI and custom data analytics tools. It’s difficult in a constantly evolving environment, but you don’t want to be stuck in a system where you can’t move forward as the technology and the industry advances.”

Payments have a short SLA, and companies need to respond quickly to complete transactions. That means a data repository shouldn’t impact the performance of the system. To that end, the repository should be externalized from the production system so it can be managed independently and leave payments unaffected.

If it’s externalized, however, the repository should have a secure PCI compliant user interface where authorized users can navigate and find payment data in one location. In addition, an external data repository should have extensive security protocols, so there’s no way for an unauthorized user to access the data.

Overall, consolidated payments data repositories can improve compliance, mitigate risk, perform back office processing, and even optimize marketing functions.

Learn more about BHMI’s Concourse Financial Software Suite

The post The Competitive Advantages of Payments Data Consolidation appeared first on PaymentsJournal.

Fiserv and Plaid are working together to provide consumers a secure way to access and share their financial information.

Through the partnership, consumers with accounts at roughly 3,000 bank and credit union clients affiliated with Fiserv will be able to share their financial data with more than 8,000 applications and services integrated within Plaid’s network. Essentially, consumers will be able to share their financial information with their preferred third-party financial apps.

“Our partnership with Plaid allows banks and credit unions to empower consumers to access their financial information beyond the financial institution, while maintaining their trusted role at the center of people’s financial lives,” noted Matt Wilcox, President of Digital Payments at Fiserv in a prepared statement. “By facilitating access to a broad range of capabilities and experiences through third-party apps and services we are charting a course towards an open finance ecosystem that prioritizes data privacy, consumer access, and choice.”

Financial Transparency

The partnership places a strong emphasis on security. In a press release, Aly Yarris, who heads up Financial Access Partnerships at Plaid reiterated the company’s commitment to providing secure and reliable API connectivity to a broad range of financial institutions, regardless of their size or location.

Both companies also assure that the data sharing will be in line with regulations, including any anticipated guidelines noted by Dodd Frank 1033.

Data Sharing Is Vital for Financial Institutions

Financial institutions are always looking to capture valuable customer insights, and they’re able to do just that via data sharing. As David Excell, founder of Featurespace, noted in a PaymentsJournal Podcast last year, “data sharing enables the banks to protect the customer and create new experiences for that customers instead of [offering] new products and services to meet those real-time needs and requirements.”

Overall, the collaboration between Fiserv and Plaid has the potential to bring substantial changes to the financial services landscape. The effort empowers consumers to have greater control and access over their financial data, while maintaining security standards as well.

The post Fiserv and Plaid Team Up on Financial Data Sharing appeared first on PaymentsJournal.

In the United States, the vast number of financial institutions and the absence of federal regulation around consumer access to bank data have resulted in a fragmented open-banking landscape. Permissioned data providers can play a crucial role in navigating this landscape, facilitating secure and efficient data sharing between consumers and businesses. They can help streamline processes such as verifying loan or insurance applications or screening potential tenants and employees.

In a recent report, “Why Data Isn’t A Zero-Sum Game in Payments,” Matthew Gaughan, Payments Analyst at Javelin Strategy & Research, outlines the main players among permissioned data providers and how the inevitable regulation of the space will affect open banking.

Differences Between FIs in Europe and U.S.

Open banking promises to democratize and modernize the financial services industry. It fosters competition among financial institutions and fintech startups, leading to improved offerings, reduced operational costs, and enhanced customer experiences.

Open banking’s structure will vary depending on the financial framework it is in. Just look at how different open banking looks whether you’re in Europe or in the United States.

“The UK banking market is very concentrated, with the top five FIs responsible for an overwhelming majority of current accounts in the country,” Gaughan said. “This allows the UK government to play an outsized role in standardizing the APIs that FIs must adopt, making adoption easier.

“The U.S. market has nearly 10,000 FIs across the country with varying levels of resources and technological capability. This has led to a disparate implementation of (application programming interfaces) at FIs across the country. Financial data providers emerged in the U.S. to help close this gap. The Tier 1 players in the U.S. include Mastercard Open Banking, MX, Plaid, and Trustly, and broadly speaking, they help create a two-sided marketplace of providers and consumers of financial data through a network of APIs.”

Standardization Will Open Up the Industry

Although there has been a lack of open-banking regulations in the United States, that could soon change. The Consumer Financial Protection Bureau is working on a standardized rules framework through Section 1033(a) of the Dodd-Frank Act. This will level the playing field by ensuring that consumers can access their data uniformly, regardless of the data provider.

“The rules are expected to be finalized in 2024 and would potentially require financial data providers to provide consumers with certain financial data—transactions, products, account-level information—upon their request,” Gaughan said. “That could limit permissioned data providers’ ability to create proprietary standards and ultimately increase competition in the space.”

With standardized access to financial data, fintech startups and other innovators can more readily enter the market and develop new services and applications, without having to navigate a complex web of proprietary data standards.

Proprietary data access standards can also create data “lock-in” scenarios where consumers are reluctant to switch providers because it’s cumbersome to move their data. Standardized data access reduces this lock-in effect, making it easier for consumers to explore new financial services. This could benefit fintech startups and smaller players.

“A lot hinges on the CFPB’s anticipated regulation,” Gaughan said. “Financial data providers are working with clients—FIs, fintechs, merchants—to establish data connections through APIs. The fragmented nature of the U.S. banking market makes reaching all 9,000-plus FIs difficult, but an API mandate would accelerate the adoption of such technology.”

Learn more about how the fractured nature of U.S. financial services can affect open banking.

The post Disjointed Open-Banking System in U.S. Leaves Opening for Permissioned Data Providers appeared first on PaymentsJournal.

It’s no secret that consumers increasingly want and expect personalized service from places they patronize—and financial institutions (FIs) are no exception. According to J.D. Power’s 2022 U.S. Retail Banking Satisfaction Study, 78% of respondents would continue using their bank if they received personalized support, but just 44% of banks are actually delivering it.

A clear opportunity exists for financial institutions to increase account holder engagement and open up new revenue possibilities. How can FIs reach account holders with the right personalized offers? The key lies in data.

Start with Credit Scores

Nearly two-thirds of U.S. consumers check their credit scores every month, according to LendingClub research, providing a quick and easy way to gauge their general financial health. FIs with credit score products embedded in digital banking can help account holders integrate that intel into their overall financial dashboard. The more financial wellness insights and tools FIs can provide, the easier it is for consumers to understand what steps they need to take to achieve financial goals. Wellness insights instill greater confidence when making significant financial decisions, such as initiating home and auto loans.

Providing such financial planning and wellness tools can deepen the connection and level of engagement account holders have with their FI and ensure that the FIs digital presence is the place where account holders regularly return to check on their financial status.

Follow the Trail of Transactions

Credit scores and financial wellness info are a great way to establish your FI as the place that account holders go for a financial check in. The next step is to build on it and provide personalized financial recommendations and educate about how your products and services can help them take the next step. Utilizing transaction data allows your FI to understand the financial needs of account holders and match them with offers that best fit their needs. This is an effective marketing tactic to build greater bonds with consumers and drive stickiness to the financial relationship.

Data can be the foundation to deliver relevant communications with account holders. Here are a few examples.

• Account holders who are making a large number of payments to buy now, pay later (BNPL) providers might be interested in a credit card or a debt consolidation loan.

• The presence of trial deposits from competitive investment firms would be a signal to communicate information about your wealth management services to prevent deposits from leaving your FI.

• Account holders with transfers to high interest savings accounts would be great candidates for money market or certificate of deposit (CD) campaigns.

• Consumer accounts with incoming deposits from merchant processors are likely businesses who should open a business account.

Transaction data cross-referenced with other intelligence such as products held with your FI, services and channels utilized, balance data, digital banking log-in and usage data, and other key banking core data fields enables hyper relevance and targeted messages that tells account holders that your FI knows them. Similar to a concierge at a five-star hotel, data can help your FI anticipate financial needs before account holders may even know they have them.

Greater Engagement, Greater Trust

Leveraging deep transaction data analytics helps FIs strengthen their relationship with account holders. Understanding which account holders need financial products, and proactively reaching out to them with education, innovative digital tools, personalized messaging, will make the FI the go-to source for account holders.

The post How FIs Can Boost Digital Engagement Banking with Account Holders Through Data appeared first on PaymentsJournal.

Concentration risk has been playing an increasingly important role in banking regulation in recent decades. Diversification within investment portfolios is not only desirable but a necessary aspect of risk management. This same approach is also necessary for financial services on a technological level—to ensure the operational resilience of the digital infrastructure powering the future of banking business models and services.

Gone are the days when storing all critical data on premises in the company data center was the safest option. Business continuity and disaster recovery strategies today depend on cloud solutions that can be accessed 24/7, regardless of any incidents or outages on the ground at or near one company location. One cloud is not enough. To truly secure data flows and create resilient connectivity, a multi-strategy approach is needed—for clouds, for data centers, and for connectivity providers.

The cloud has become essential to the smooth running of any modern business. In addition to speed and scalability, it enables an increasingly mobile workforce to access data and resources regardless of location. It also allows businesses to connect with the latest artificial intelligence (AI) and analytics tools and capabilities, and to implement strong disaster recovery and business continuity plans.

While security was once a concern, most organizations are now confident the tools and processes implemented in cloud infrastructure can deliver robust protection. In fact, many are now realizing their critical data and workloads might be far safer in the cloud than stored in one specific location, with this location representing a clear single point of failure. Business continuity and disaster recovery strategies today are more focused than ever on the secure storage of critical data in the cloud, and the need to provide uninterrupted access to it.

When Caution Becomes an Unintended Source of Risk for Critical Data

Analysts, observers, and growth strategists bewail the fact that banks are notoriously conservative when it comes to digital innovation. This reluctance can be clearly seen when it comes to cloud adoption. While the finance sector has been relatively slow to move to the cloud, adoption is now accelerating, as changing customer expectations push banks and other financial institutions to emulate the speed, agility, scalability, and efficiency of cloud-native organizations. Nonetheless, the conservatism seen in the financial sector has often resulted in institutions being extremely selective and often exclusive in their choice of cloud partners. And although this degree of caution is expected in such a critical sector, the lack of diversity in infrastructure dependencies that result from such a strategy becomes a new risk factor in its own right. This leads to the risk of cloud concentration, where key financial services become overly reliant on one specific cloud service provider. Whether it’s Deutsche Bank and Google Cloud, UBS and Microsoft Azure, or BNP Paribas and IBM Cloud, many financial institutions have close relationships with single cloud service providers. And too much of one thing—even if it is in essence a good thing—is rarely a good idea.

Cloud Concentration—Putting All Your Eggs in One Basket

Certainly, working with trusted partners is an essential ingredient in critical sectors like financial services, but financial regulators around that world are increasingly concerned about cloud concentration—that, despite the benefits of cloud infrastructure itself, this exclusive partnership with one cloud provider may become a single point of failure. Regulators are concerned that disruption and instability across the global financial system could stem from an outage or cyber-attack on a single cloud. Although there are mechanisms to mitigate this risk through distributed computing and diversifying within a single cloud environment, regulators remain unconvinced. As a result, financial institutions need to mitigate this risk through strategically focusing on the operational resilience of their digital infrastructure—and keeping themselves ahead of forthcoming regulatory hurdles.

Interoperability and Cloud-to-Cloud Communication for Seamless Multi-Cloud Scenarios

Adopting a multi-cloud strategy is the first step towards not only mitigating over-reliance on a single provider, but also avoiding vendor lock-in, allowing financial institutions to select services from multiple cloud service providers. This also enables the cherry-picking of best-in-class services for specialist cloud providers.

But simply sourcing services from multiple clouds is not a complete solution. As a result of data portability challenges, financial institutions cannot easily switch between cloud providers, so individual workloads and applications may remain siloed on single clouds. This is also the case for certain cloud providers that offer proprietary applications not available through other providers (e.g. certain AI applications). Therefore, a second step is to ensure interoperability between all cloud environments and the given application, in order to synchronize data and results across a diverse operator landscape.

Management and orchestration of a multi-cloud scenario can become highly complex. One way to simplify this is to make use of a Cloud Exchange in combination with virtualization, automation, and API (Application Programming Interface) capabilities. This puts the booking and scaling of cloud services across providers at the fingertips of the Network Architect responsible, and enables automated scaling to be triggered at times of greater demand.

A further step required is the enablement of cloud-to-cloud communication, thus simplifying the spreading and orchestration of workloads across multiple clouds and streamlining the multi-cloud approach. Connectivity to and between cloud service providers has thus far often been overlooked in strategies and regulations alike, but its resilience is essential to ensure services can be up and running quickly in the event of any outage anywhere within the distributed infrastructure.

Diversity, Redundancy and Geographical Distribution Mitigating the Risk of Concentration

True mitigation of the cloud concentration risk doesn’t simply stop at using multiple clouds. Why? Because it’s also important to be able to access those clouds from physically independent locations. What good is a multi-cloud strategy if a bank is limited to one single location—or one single connectivity provider—to connect to the chosen clouds? If one connection fails, or one provider or data center experiences an outage, there is still the risk of a single point of failure. Your eggs are still all in the one basket, so to say. Therefore, digital infrastructure must be conceived of not only in terms of a diversity of providers, but also as geographically distributed infrastructure involving multiple redundant pathways. This creates the resilience necessary for critical applications and data.

Managing all of this will be complex undertaking, and it’s certainly a challenge, but there are ways of simplifying it. One solution is to use a distributed Cloud Exchange built on a carrier and data center neutral interconnection platform: this allows a multi-home set-up and a diversity of not only cloud providers, but also connectivity providers, network operators, and data center operators. In this way, it is possible to ensure redundant connections to multiple clouds from physically separated locations, and to manage all of the connections easily via a single portal and API. This dramatically increases the resilience of connections and ensures continuous access to critical data, no matter what happens on a local level. And this strategy has the added advantage of protecting the institution against vendor lock-in.

Critical Data – Not One Basket, but Many

You may ask, ‘Won’t the Cloud Exchange in this scenario then become the next single point of failure?’ It would seem that the concentration risk will raise its ugly head at some point, no matter what strategy is implemented. In this case, however, the answer is: No, it won’t. And here’s why: The design of the distributed platform—which is cloud, carrier and data center neutral interconnection—operated by DE-CIX, for example, offers a model on the macro scale for exactly the kind of geographical distribution, diversity, and redundancy that I also recommend for the design of enterprise-owned digital infrastructure for any critical use case. Although such an interconnection platform may appear to the outside world to be a single entity, it is, in actual fact, composed of a multitude of redundantly implemented servers, services, software, and other components, distributed across multiple locations, and supported by the services of a myriad of infrastructure providers.

Within the company premises, or within a single connected network or data center, a localized incident could lead to a situation where the given location is temporarily unable to access or send data. This is the reality that all companies and providers need to recognize, and a risk that must be mitigated—for example, through redundant power supplies and emergency generators —for critical use cases. However, for a distributed and provider-neutral interconnection infrastructure, there is no “off-switch” that could bring the entire infrastructure to a standstill. All other locations – that is, other non-related networks and data centers – will remain unimpeded by the localized incident. This is the strength of taking a cloud, data center, and carrier neutral approach to designing enterprise infrastructure: a multi-strategy approach on all levels, with redundancy across all infrastructure and providers, creates the greatest possible resilience for critical data pathways, data storage, and workloads.

The post Handle Like Eggs: Why All Your Critical Data Should Not Be Placed in One Basket appeared first on PaymentsJournal.

In recent years, organizations have made digital transformation a top priority. To achieve success, they need to effectively harness their financial data to increase revenue, improve customer experiences, foster innovation, launch new products, and expand into new markets.

Companies need to generate insights in real time to unlock the full potential of all their data. According to industry projections, nearly a third of all data will be real time by 2025. Analyzing real-time data is critical to staying ahead of the competition, as businesses can respond quickly to changing market conditions and customer needs.

In the financial services industry, real-time data has never been more important. With the adoption of fintech, customers expect fast, personalized, and convenient experiences. Real-time data can enable financial institutions to meet these expectations by providing up-to-date information about customer behavior, market trends, and risk factors, empowering them to make informed decisions quickly and efficiently.

For example, financial institutions can use real-time data to detect fraudulent customer transactions, develop models to predict credit risk, and provide personalized services and offers. All while ensuring a seamless customer experience that boosts satisfaction and loyalty.

However, leveraging real-time data requires a modern data architecture that can instantaneously process and analyze large amounts of data. Financial institutions must invest in the appropriate technologies to transform real-time data into actionable insights to gain a competitive advantage.

Detecting Fraud with Graph Analytics

With the rise of digital payments and online applications, fraud has become more sophisticated and prevalent, posing a risk to every transaction in the customer life cycle. Financial institutions must be vigilant against the increasing threat to avoid financial and reputational damage.

To improve fraud detection efforts, the industry has embraced graph analytics to identify fraudulent behavior and take appropriate action quickly. With a graph database, financial institutions can analyze vast amounts of complex data to identify patterns and relationships that traditional methods can’t.

A graph database consists of data elements and the connections between them. Each data element represents a person or an account, while the connections represent the relationships between these entities, such as transactions, identity, or social connections. Financial institutions can analyze the relationships between the data elements to identify suspicious patterns, such as multiple accounts being opened under different names but with the same IP address, or a group of people making transactions to the same offshore account.

PayPal is one company that has successfully used graph analytics to prevent fraud, saving millions of dollars in fraud losses. With a vast network of users and transactions, PayPal uses a custom-built solution capable of analyzing billions of records within 20 milliseconds to determine if there is fraud risk.

Leveraging Document Data Stores for Credit Risk Models

Document data stores are increasingly used in credit risk management as they can store and analyze large amounts of unstructured data. These document databases collect data from various sources, such as credit bureaus, financial institutions, and social media platforms, to provide a comprehensive view of a borrower’s creditworthiness. Financial institutions can analyze this data in real time using machine learning algorithms to identify patterns, trends, and potential risks and take proactive steps to mitigate them. The insights can be used to create risk models that evaluate a borrower’s creditworthiness based on credit history, income, and employment status.

For instance, financial institutions can analyze transactional data and credit bureau information to help quickly identify customers experiencing financial difficulties and take prompt action to assist them before they default on their loans. Additionally, financial institutions can use predictive analytics to develop models that identify potential credit risks before they materialize, allowing them to adjust credit limits, offer alternative payment arrangements, or start collection efforts.

Using Document Data Stores to Unleash Personalization

Personalization is instrumental in building strong customer relationships in the financial industry. To offer these experiences, financial institutions can create 360-degree customer profiles by aggregating data from various sources in real time, including mobile and location-based services.

A document data store can manage in real time all this customer information, such as personal information, financial information, and transaction history. Financial institutions can better understand their customers’ financial behavior by analyzing this data with artificial intelligence (AI) and machine learning and offer tailored product recommendations, personalized financial advice, and targeted marketing campaigns.

For example, by analyzing a customer’s spending habits and investment preferences in real time, a financial institution can provide personalized product recommendations better suited to their needs and preferences. They can also use personalization to offer customized pricing, credit scoring, interest rates, and loyalty programs, speed up customer onboarding, and predict and prevent customer churn. By using these techniques, financial institutions can enhance the customer experience and improve their bottom line.

The financial services industry faces a significant challenge in managing the massive volumes of data generated daily. By adopting a modern data architecture, they can effectively analyze this data, enabling them to stay ahead of potential fraud activities and credit risks while delivering the personalized experiences today’s consumers expect.

The post How FIs Can Power Their Operations with a Modern Data Architecture appeared first on PaymentsJournal.

Data is the driving force behind key strategic decisions for any business. But, businesses have a tough time turning the wealth of data and insights into something actionable and tangible. How can cloud data help?

Through their partnership, Mastercard and Amazon Web Services (AWS) are equipping organizations with the most up-to-date location and spending insights. This enables those organizations to make informed and strategic business decisions.

“Mastercard has a wide reach across geographies that can provide powerful insights for businesses across industries and regions,” said Paul Chang, Principal of Payments at Amazon Web Services (AWS). “Through the Mastercard and AWS Data Exchange partnership, we can collaboratively provide meaningful insights and solutions to businesses across markets and industries to help them tackle their own unique challenges.”

“When we think about our Data & Services business at Mastercard, we focus on helping our customers make smarter decisions that result in better outcomes for everyone,” added Stuart Finkelstein, Executive Vice President at Mastercard Data & Services. “Our collaboration allows us to improve our reach with the simplicity of access and helps us drive scale by getting these powerful tools into the hands of more customers.”

Both companies delved into their partnership and why it’s so important in a recent PaymentsJournal podcast. Finkelstein, Chang, and Marco Salazar, Director of Technology and Infrastructure at Mercator Advisory Group, spoke about two offerings. These are Mastercard SpendingPulse™ and Mastercard Places. They discussed how these are critical solutions for organizations looking to stay ahead of competitors.

The Benefits of AWS Data Exchange

Through AWS Data Exchange, customers can locate, subscribe, and use third-party data to supplement their own internal data. This enhances their decision-making.

According to Chang, data subscribers expressed the need to locate and use data within the cloud. “They wanted it to be as easy as it is to shop online today so that their team can focus on producing differentiated products and spend time on value-added activities rather than discovering data, maintaining infrastructure, or managing revisions,” he said.

“As a subscriber, you can reduce time to find and source data from months to hours with minimal changes to existing operations,” Chang added. “AWS Data Exchange makes managing data subscriptions easier by consolidating contracts, billing, and payments in one place.”

Meanwhile, data providers are also seeing the benefits, particularly in reaching a broader set of customers. “A data provider can publish data simultaneously to all its customers and spend more time growing their business rather than managing the logistics,” said Chang.

Harnessing the Power of Data-Driven Insights

Both Mastercard and AWS saw the challenges organizations face in regard to data. Many weren’t sure what to do with the trove of information they have or if it’s accurate.

“Mastercard SpendingPulse is a macroeconomic indicator of retail sales, which measures in-store and online retail sales and includes all forms of payment,” said Finkelstein. “It utilizes anonymized aggregated sales activity taken directly from the Mastercard Payments Network and is combined with survey-based estimates for other types of payments such as cash and check in order to answer key business questions for our customers.”

“For instance, customers may use this to gain a competitive perspective that allows them to understand their market share and their competitive positioning,” Finkelstein continued. “It gives them timely information that allows them to adapt and react quickly to changing sales trends. This understanding of trends opens up data-driven opportunities as they examine consumer purchasing habits and perform forecasts that help them identify and capitalize on untapped potential.”

Mastercard Places offers a comprehensive view of all merchant locations that accept Mastercard as payment both online and in-store. “Places is captured from aggregated anonymized transaction data that matches to third-party location data listings,” said Finkelstein. “Using Places, our customers can understand changes to merchants over time and what payment activities each location supports — and how the merchant landscape continues to evolve.”

A Focus on Ethical Practices

With Mastercard’s immense reach worldwide — amassing a staggering amount of data — it’s sitting on a gold mine of information. This is prompting the need for ethical policies for its use.

“Payments networks have multiple touch points from both a consumer and merchant standpoint,” said Salazar. “This provides access to a rich set of data that powers and streamlines a plethora of products and experiences.”

“This has to be done with a fine balance,” he continued. “It has to be focused on ethical access and use of the data that accounts for privacy from both sides.”

“The network itself and the data that we have is tremendously important,” added Finkelstein. “Last year, Mastercard processed $7.7 trillion in gross dollar volume and processed 112 billion transactions from about 3 billion cards across 200 countries and territories. The use of all that data and the power that it brings has to be combined with our ethical practices.”

When it comes to ethical practices, the focus is on security and privacy, transparency, and control. With accountability, the solutions ensure that the individual’s interest is front and center. The result is for the data analytics to promote inclusive, comprehensive, and equitable behaviors.

“We always have integrity as we look to innovate consistently to ensure the individual benefits from the use of their data through better experiences,” said Finkelstein. “The combination of our powerful data and ethical use practices, we believe, is what makes our data so powerful in our solutions.”

How Customers Are Using SpendingPulse and Places

Leading organizations use Mastercard SpendingPulse and Places to enhance their day-to-day decision-making. For example, a drugstore chain wanted to measure performance in markets by taking account of the effects of macroeconomic trends.  “Using SpendingPulse insights, they were able to benchmark how they performed in those particular markets compared to the industry as a whole,” said Finkelstein. “They also understood the channel spending trends.”

“They found that they underperformed in higher density areas, where the shift to online was more pronounced and in-store shopping was declining,” he added. “Taking all of this into account, they developed a deep understanding of how they performed, and completely changed their future investment strategy as a result.”

In another example, a grocer wanted to expand and open new locations. It needed to know where its competitors were located, as well as the shopping behaviors of consumers in that area. Using the Mastercard Places solution, the grocer gained an understanding of potential competitor merchants as well as their locations. They also received an indicator of their popularity among consumers.

“The grocer was able to leverage this information to pinpoint the ideal location for a new store,” said Finkelstein. “And they were able to create a road map for future growth without cannibalizing their own footprint or entering over-saturated markets.”

Looking Ahead: Key Trends This Holiday Season

According to Mastercard SpendingPulse, there are three key trends to expect this holiday season. The first is that many consumers will begin their holiday shopping earlier this year. Consumers will be seeking out bargains as the cost of everyday essentials continues to grow.

Key promotional days, including Black Friday, will make a strong return this year. Also, Christmas Eve falls on a Saturday and is slated to be one of the biggest days for retailers.

Finally, in-store experiences will be in full force. More brick-and-mortar stores are offering in-store experiences to get shoppers in the door.

For more information on the Mastercard SpendingPulse and Places solutions, follow this link.

The post Cloud Data Accessibility Informs Value-Oriented Business Activities appeared first on PaymentsJournal.

This piece in The Banker involves a subject that is not typically high profile and therefore not always conceived of as an area of opportunity.  However, how corporates connect to the various resources provided by their primary and secondary financial institutions is one of the keys to a strong (or not) treasury relationship, an important constituency to say the least.  We have covered this topic generally through platform banking and virtual account member research.  According to the author corporate banking entities are waking up to the client experience trend that has gained momentum with the further technology gains that come along with cloud, APIs and new ways of thinking about providing services. How will standardized connectivity impact treasurers?

‘Standardised corporate-to-bank enterprise resource planning (ERP) connectivity could solve many a headache for corporate treasurers. No longer would they have to expend effort and time in tailoring file formats to each bank’s proprietary data structures. Instead, onboarding would become a more streamlined and faster process, and switching banks would be a breeze….While the potential upsides for corporates are clear, the ability to quickly switch could be seen as a threat for banks, who previously thought that a cumbersome process created customer ‘stickiness’ – e.g. customers stuck with their incumbent banking relationship because it was too much of a hassle to start a new one.’

Any time we read secondary research on the topic of treasurers reviewing bank relationships it is clear that although they are typically satisfied, most would like more leverage in potentially moving around relationships, and one of the things preventing such flexibility is the hassle factor.  So the author goes on to summarize collaboration between Santander CIB and SAP’s Multi-bank Connectivity (MBC) capability.  Standardized connectivity? The end goal is to adapt to the embedded banking capabilities and much greater information sharing potential that modern connectivity tech can provide. Worth a quick browse for those interested.

‘As well as becoming the first EU bank to join SAP MBC, Santander Corporate and Investment Banking (Santander CIB) is now co-innovating with SAP around the concept of invisible banking. “The idea is for corporate users to have our services available whenever they need them. A corporate banking portal (or app) is not enough for us in our digitalisation strategy,” says José Luis Calderón, head of global transaction banking at Santander CIB….“It all begins with our global transaction banking products: from payments to working capital solutions, including supply chain finance, sustainability finance. We will leverage our specific products, expertise, data and analytics to give value-added insights,” he adds….Specifically, the two organisations are looking to create financial tools to help customers navigate supply chain disruptions and accelerate the decarbonisation of their industrial activities. Mr Calderón says that one area that they will be exploring is how to streamline the information exchange for sustainability-related transactions. But he also adds that the “possibilities are endless” when it comes to value-added services that can be created based on better insights into client activities.’

Overview by Steve Murphy, Director, Commercial and Enterprise Payments Advisory Service at Mercator Advisory Group.

The post Standardized Connectivity and Data Flow appeared first on PaymentsJournal.

Browser security is now mission-critical for any organization that processes payments online. This reality is a key element of the new Payment Card Industry Data Security Standard (PCI DSS) released in March of this year with full implementation required by 2025.

Driven by industry feedback, PCI DSS v4.0 strengthens protection of payment data with new controls designed to address the increasing sophistication of cyberattacks. The latest version introduces many changes designed to promote security as a continuous process, with the ability to evolve as threats change.

A key area of focus for v4.0 is the need to monitor and manage browser scripts as the PCI industry works to stay a step ahead of emerging cyberattack strategies. Scripts play a crucial role in creating the personalized, regionalized experiences that online shoppers expect and demand. However, they are a growing threat vector.

Shifting threat surface

To date, there has been more focus on back-end threats to servers but this is now changing in response to increased risk of front-end browser attacks. The massive Magecart form-jacking attacks that made headlines haven’t gone away—they’ve simply evolved as attackers change tactics and target client-side vulnerabilities in the browser. Malware can be injected into JavaScript code to either skim credit card data or serve up fake payment forms. Preventing this avenue of attack is a major goal of the new security standard.

Specific PCI DSS v4.0 requirements related to browser security include implement methods to confirm that each script is authorized, assure the integrity of each script and maintain an inventory of all scripts with written justification as to why each script is necessary (section 6.4.3); and ensure that unauthorized changes on payment pages are detected and responded to (section 11.6).

Promoting script awareness for PCI DSS Compliance

A key theme is that script awareness needs to be a continuous area of operational focus—not just sporadically, quarterly or annually. Given the tremendous number of scripts running in today’s e-commerce websites, trying to keep track of all script activity—especially changes to scripts—using manual methods is unwieldy, if not impossible. Automating the process of monitoring scripts will reduce the chance of missing any changes that require attention.

Detecting changes in highly dynamic applications is a challenge. You must also understand what has changed, quickly determine the risk of the change, and have a clear protocol or policy defining how to respond. This must all be done without impacting the user experience or adversely impacting the agility of the development teams.

The value of collaboration

While technology plays a role in automating some of these processes, PCI DSS v4.0 also provides another good reason for close collaboration among Fraud, Security, and Risk Management teams. While these groups have tended to operate separately, the unique nature of front-end attacks require a coordinated approach. Ensuring all of these teams are aware of PCI DSS, the particular importance of “script awareness” and solutions available to address the requirements is crucial to ensure compliance and minimize risk.

Of course, technology will play a key role in automating script management. Making sure that solutions from technology partners are themselves PCI DSS compliant is critical. Understanding a partner’s roadmap for compliance with v4.0 will help you evaluate that relationship as the 2025 deadline for implementation approaches. Will they have functionality for inventorying and managing scripts? Will they make it easy to monitor for specific authorized behaviors to identify suspicious scripts while reducing false positives? Do they already have this functionality or does it exist only on a whiteboard?

Your PCI DSS defense starts now

Expanding threats require additional protections. PCI DSS v4.0 lays out a set of new safeguards that can help address the growing threats targeting the payment industry. The new requirements do not become effective until early 2025. But taking steps now to achieve compliance will go a long way to protecting your business and your customers’ data.

Here’s the good news: There are solutions—both technical and operational—to address the challenge. Being vigilant, raising your script security awareness and implementing technology that helps automate and simplify script monitoring and management will position you for PCI DSS v4.0 compliance while helping thwart the card skimmers.

The post PCI DSS v4.0 Compliance: Raising Your Script Security Awareness appeared first on PaymentsJournal.

Merchants, their acquiring banks, and payment service providers (PSPs) all face a daunting challenge: They’re under pressure to reduce ever-increasing transaction fraud while at the same time increasing revenue by taking on more volume with less friction for customers and merchants where sales are made. 

According to Amyn Dhala, Chief Product Officer at Brighterion, a Mastercard company, this is where machine-learning models can get ahead of fraud trends.

In an episode of PaymentsJournal Podcast, Dhala and Don Apgar Director of Merchant Services Advisory Practice at Mercator Advisory Group, discussed how these fraud detection models are changing, the rapidly evolving fraud techniques that make the models valuable to merchants, banks, and PSPs, and the challenges in deploying the models.  

Among their discussion points: 

• How AI is evolving in detecting and blunting transaction fraud 
• How AI can help ease the pain points of fighting fraud 
• What it means for acquiring banks, PSPs, and large merchants to have a “market-ready” model 
• How the return on investment looks for those employing such solutions 

The Evolution of AI Models 

The challenge, in sum, for acquiring banks, PSPs, and large merchants, is to decrease fraud while still increasing revenue. That is, handle more transactions, say yes to more credit applications and subsequent sales, minimize false positives in fraud detection, and still reduce the overall instances of fraud, all while making the processes for identifying and mitigating fraud as frictionless as possible. 

And do all of that while accounting for fraud techniques that are ever changing and increasingly sophisticated. 

In instances of known fraud, static rules for transactions have worked to the advantage of banks, PSPs, and merchants, Dhala noted. The problem lies in the evolution of fraud, which cries out for an equally evolving means of detecting it. 

“As time progresses, these rules are not adaptive,” Dhala said. “They become a drag in terms of your operational performance.” 

Enter AI models, which draw on large, world-class data sets for intelligence on how fraud is perpetrated, allowing for more accurate prediction, detection, and assessment of trends. The Mastercard Brighterion models, for example, are underpinned by “billions of transactions,” Dhala said. 

Apgar noted that Mercator research into chargeback fraud grasped the scale of the challenge. “It almost became unmanageable without tools like machine learning and AI,” he said. 

How AI Helps Ease Fraud-Fighting Pain Points 

For any organization’s fight against fraud — be it a bank, a merchant, or a payment service provider — the coin of the realm is data.  Data can provide a better perspective on fraud. The problem lies in extracting the data that can train a machine-learning model to predict, detect, and anticipate fraud. Further, organizations must contend with other issues, including: 

• Explaining why and how a transaction was scored the way it was 
• Adhering to the privacy norms of the applicable country where the transaction occurred 
• Using the data sets in concert with existing systems 

Dhala noted that a “market-ready” model should be able to handle these tasks at scale, whether on-premises or in the cloud. “Interoperability becomes crucial,” he said. 

What It Means to Be “Market-Ready” 

As fraud prevention has evolved from rules-based to initial fraud modeling to the most recent iteration, Dhala noted that so-called “market-ready” machine-learning models should be exceptionally accurate and based on a broad, deep set of historical data. Models should also be underpinned by billions of transactions containing data that can identify fraud and be able to learn from those patterns. Finally, machine-learning models should be “network agnostic” and customizable to relevant user specifications.

“It’s not just you feed your data into the grinder and the answers come out,” Apgar said. “The machine or algorithm is getting smarter by assessing the actual outcomes vs. the predicted outcomes, then using that knowledge to improve the score. When you talk about ‘market-ready,’ there’s already been a significant amount of development and additive value that’s come to the model.” 

The Bottom Line — and the Top Line 

Dhala said that fraud detection — relying on a vast trove of historical and ongoing data extraction as well as real-time scoring of all transactions — can be achieved while reviewing fewer than 1% of the transactions and with no customer interference.

But he also noted the top-line benefits. When issuing banks see fewer fraudulent transactions from a merchant or an acquirer, approval rates will go up, thus increasing revenue. 

“The more data that you can review and the more efficiently you can review [the data] really is what drives that equation,” Apgar concluded.  

The post Putting AI and Machine Learning to Work Against Fraud for Banks, PSPs, and Merchants    appeared first on PaymentsJournal.