Acquiring market in Ireland – primed for a shake up!

At the moment the Irish acquiring market is undergoing some significant changes, with new contracts and moves across the industry.  It is certainly poised for a shake-up of some sort.

To my mind this market broadly divides into three – physical, DCC and online. I have blogged before about DCC and will discuss the online world shortly; my focus in this blog is the changes in the physical acquiring market. The main players here include AIB Merchant Services, Elavon, Streamline, World Pay and Barclaycard.

Market share stats are hard to come by for the Irish acquiring market, however it is likely that AIB MS and Elavon have the largest share of the market between them – somewhere around 70%-80%.  These market positions are primarily driven by the main bank partner business banking shares – AIB are JV partners in AIB MS and Elavon have had a 11 year exclusive referral deal with Bank of Ireland, since BoI exited the Euroconex JV back in 2003.

The big development this year is the retendering of the BoI merchant acquiring business to the market. Should Elavon not be successful in winning a renewed contract, it’s likely that this reasonably static market will see some significant change. BoI will be very careful about who they grant access to their business banking base so that rules AIB MS out straight away.  If Elavon don’t win this business again there will be change. 

At AIB MS, a JV between AIB / First Data, there are plans to drive the business more aggressively. David Courtney, an experienced financial services executive with a strong marketing background, has recently taken over as GM and is likely to be instrumental in driving this business forward.

Other niche players are also starting to make some inroads. For example, Irish company Blue Sky Payments, which is gaining market share on the domestic front by undercutting competitors and offering something different. Earlier this year, they announced a strategic partnership with VeriFone Systems to provide VeriFone payments terminals to businesses in Ireland.  The partnership will also involve collaboration in terms of offering customer services and support for the payments terminals, as well as support with sales, marketing, provision and procurement.

Similarly, Irish-owned Stripe Payments, which launched in Ireland at the end of last year, offers businesses an instant setup and straightforward pricing model for card processing services with no monthly fees, minimums, or any other charges.

However, there are areas that require further development and could definitely be exploited. Change from the customers’ perspective would be refreshing- the market is suffering from a lack of innovation and new products.  For example, the whole area of smartphones and credit cards.  It never fails to surprise me that we still don’t have a robust offering where consumers or sole traders can process credit card transactions through their smartphone.  I have yet to see any mobile merchant, like a plumber or gardener be equipped with hand held acquiring devices, which are common in the UK.  With smartphone penetration in Ireland at 57% and on the rise, this would offer an ideal hassle-free, low-volume solution for smaller retailers and consumers.

In addition, the quality of acquiring terminals in many locations leaves a lot to be desired (as a card nerd I check these things!).  There are plenty of opportunities for a new or dynamic incumbent to chase market share via the BoI business.

The market is attractive.  Figures indicate positive and continued growth with card usage increasing globally and projected card transaction volumes to reach US$21.9tn by 2015.  I believe that the credit card market will start to grow again after the retrenchment of the past few years. With moves afoot to also launch some mass market prepaid cards, this market is ripe for growth.  In the Irish context, there has been massive growth in debit cards over the past few years  - a 10% growth to 341 million purchases and a 14% rise in the value of debit card sales to €17.6bn last year — up from 309 million and €15.4bn respectively in 2012. 

One of the big strategic challenges facing the industry is the proposed EU regulations on interchange.  Issuer rates are due to fall substantially over the next few years, I strongly believe that this income will primarily migrate to acquirers … if their pricing and structures are smart enough to capture it. The question remains, who will seize these opportunities amongst existing and new acquirers, and how will this impact the industry overall?  Will the gap resulting from the end of the Elavon/BoI deal entice a new player into the market? 

I’ll be watching with interest to see what emerges.

To discuss any payment related issues, you can contact me on kevin@colthurst.ie or + 35386 2319 484

Sources:

Nielsen Report Issue 983, Forrester e-commerce research and

http://www.creditunion.ie/communications/news/2014/title,8023,en.php

http://www.wolfgangdigital.com/blog/research/irish-e-commerce-study-online-retail-revenue-increases-25-cent/

http://www.ipso.ie/?action=statistics&sectionName=IrelandStatistics&statisticCode=IE&statisticRef=IE08

Highlights of our Research Study: Strong Global Growth Potential for DCC

Recently we carried out a material research project in conjunction with the Financial Services Innovation Centre (FSIC) at University College Cork (UCC).  Our aim was to examine the global market for Dynamic Currency Conversion (DCC), to talk with those involved in the various stages of the supply chain and to look at the potential for this service in the years ahead.  Our research also looked at Multi-Currency Processing (MCP), a merchant re-pricing mechanism focused on the eCommerce market allowing the merchant to market and price in local currency.

I’ve blogged about this subject before, outlining the mechanism and benefits of DCC (in September and November 2013). In fact this is fast becoming a specialist area for us -  we see massive potential and this piece of research clearly indicates the exponential growth opportunities for DCC over the next 5 to 10 years.

The following factors are fuelling this growth:

• The increase in card volumes and transactions
• Growth in e-commerce
• Growth in global travel and tourism
• Global increase in business spending
• The emergence of new transaction channels
• Further customer adoption of DCC
• Further lifting of scheme restrictions 

Card usage is increasing globally with projected card transaction volumes to reach US$21.9tn by 2015.  Similarly e-commerce spend is expected to reach US$2tn by 2016.  There are now 2 billion people online today with mobile users projected to surpass desktop internet users by late 2014.  In parallel, global and business travel is on the rise, with many of the large markets like India and China set to experience double-digit growth in inward business travel over the next four years.*

DCC offers a simplified process with a guaranteed rate of exchange.  Customers have the option to pay securely in their home currency at POS when travelling or online, with price and cost certainty. All of this leads to a more convenient and positive experience.

Although many scheme restrictions are being removed and regulatory pressure is decreasing, there are still issues affecting DCC on a local level.  For example, it acts as a deterrent for cardholders when card issuers actively decline DCC transactions or apply cross border fees to any additional transaction fees.  Likewise if DCC exchange rates are prohibitive, cardholders are less likely to opt to use the service.

There are multiple DCC operators in the market, each with different operating models according to their business type and geography. The large players include WorldPay, Barclaycard and Travelex.  There are also a number of Irish players leading in this space such as Fexco, Fintrax and Monex.

Whilst there are many players in this industry, our research shows a distinct lack of innovation amongst them.  In reality, the service is largely commoditized across all the service providers leaving untapped potential for those that enhance their product offering.

There are unique challenges faced by each of the parties in the DCC process.  Amongst cardholders, DCC is poorly understood - excessive margins on transactions is giving this product a bad name.  Equally, many merchants fail to understand the revenue potential of DCC resulting in poor staff training as necessary resources are not invested.  For the acquirers, long lead times associated with implementing new merchants can again hinder progress.  Meanwhile the market for DCC/MCP processors is highly fragmented with numerous players operating across several tiers, all of which are not subjected to regulation and tend to work on their individual efforts in an uncoordinated manner.

However, despite these various challenges, there is still a clear strategic rationale for entering this market. The global market for DCC/MCP is underpenetrated and underserviced.  It is also relatively fragmented with medium levels of competition. Existing players and new entrants alike can capitalize on this, especially those who adopt an open, forward-thinking and innovative approach. 

We will continue to evaluate the DCC marketplace over the coming months, and hope to share more research with you.  For now, this gives a clear summary of the positives for the DCC industry and strongly indicates the mass potential of this service.

To discuss any of this research, or any other payment related issues, you can contact me on kevin@colthurst.ie or + 35386 2319 484

* Nielsen Report Issue 983, Forrester e-commerce research, Global Business Travel Association (GBTA) and Morgan Stanley .

PCI DSS 3.0 –failure to comply and your reputation is at stake.

The Payment Card Industry Data Security Standards (PCI DSS) is a set of requirements for enhancing payment account data security.  Developed in 2004 by the PCI Security Standards Council, these standards set out industry-wide, global adoption of consistent data security measures.

It was originally founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa International and applies to all businesses that take credit and debit cards, regardless of size or transaction volume.

Essentially the credit card companies and merchant banks have shifted the risk of data breach to the merchants through the introduction of PCI DSS.

It applies to all entities involved in credit card processing.  In fact, any business involved in the storage, processing and/or transmission of payment card numbers must comply.  The scary thing is that most merchants have no idea that the PCI requirements exist!

In its 10th year, there have been various iterations but we are now on PCI DSS 3.0.  PCI ensures customers’ personal data is protected, allows companies to protect themselves from financial losses and remediation costs.  In turn, this higher level of data security inspires customer confidence and trust, ultimately safeguarding brand reputation.

Simple right?  Actually, PCI compliance can be a confusing and costly exercise, and so often it is cast aside as businesses deal with other more pressing issues.  The market is filled with inaccurate information and myths around PCI.  Non-compliance can leave your business exposed (worst case scenario means a hacker can effectively steal customer credit card details from your system)

However if dealt with in a timely and logical manner, it can save both financial pain and your reputation in the long run.  Requirements can differ according to merchant level and card issuer so it’s important to check with your suppliers to ensure that you are meeting all the requirements.

In Ireland, Loyaltybuild was recently at the centre of a major data breach, in which the full card details of over 376,000 customers were taken. 70,000 were Supervalu Getaway customers and over 8,000 were AXA Leisure Break customers. It transpires that the details of an additional 150,000 clients were also potentially compromised.  This has caused material damage to Loyaltybuild and also to the brands affected, in some cases perhaps further fuelling customer suspicion in terms of handing over credit card/personal details to retailers. 

The large retail brand Target, in the US, was also hit by a major credit-card attack at the end of last year, involving up to 40 million customer accounts. The data breach began around Black Friday, the day after Thanksgiving and the busiest shopping day of the year.  With almost 1,800 stores in the United States and 124 in Canada, Target is a robust brand and to some extent could weather this.  However for smaller brands, this type of hit would be a disaster.

At the moment in Korea, millions of cards are being re-issued following another massive data leak scandal.  Consequently banks there have been raising their security measures to protect customers’ data.  Some of the major credit card firms, such as KB Kookmin Card, Nonghyup and Lotte Card are affected.  In fact, there are reportedly some 20 million card users in Korea and reports say that personal data of at least 10-17 million bank and credit cards holders has been leaked! 

Apparently the majority of financial firms in Korea were not even aware of the leaks for nearly one year, after which time the damage has been done.

Clearly the US and Korean examples are on massive scale but this is just as important for SME and medium sized businesses, where reputation is the cornerstone of repeat business. 

Any retailers who take credit cards have to be careful of who they select as their service provider –security and compliance are essential.   Many companies — large and small — are typically under-prepared when they face a data breach.  There are key procedures to follow in the event that this happens namely to work closely with those affected and the Regulator and to draft in the right experts to address the data breach.  It’s a very short window in which you have a chance to preserve public trust in your company.

It’s a good idea to do a thorough check of any IT and security systems in place and to review your service provider to ensure they are up to speed with PCI DSS 3.0.  We regularly work with companies in this area, and offer audit services for any business to confirm their compliance. 

If this is something that affects your business, get in touch with either of us to discuss your options.

Kevin@colthurst.ie

086 231 9484

johngavin@colthurst.ie

086 242 6382