Banks and credit unions that have watched from the sidelines as the likes of Square, PayPal and Intuit built a mobile-payments market from scratch now have their own product to offer — a product merchants can't get off a retail-store shelf or from an independent sales organization.
Fiserv plans to distribute its new SpotPay mobile card reader exclusively through financial institutions.
"Business customers are hearing the promise of Square, hearing the promise of [PayPal] Here, and are walking into financial institutions today – I know it for a fact – are walking into institutions and saying, 'What do you have?' " says David M. Keenan, Fiserv's general manager of network solutions.
Banks and credit unions "are in a unique position to provide the security and the trust that you and I take for granted, that … when we make a payment, it's going to go through, it's going to be safe and it's going to be secure," Keenan says. "They're just lacking the tools to go out and introduce products to their businesses."
The SpotPay reader, which Fiserv plans to announce as early as today, connects to a mobile phone or tablet through a dock connector or Bluetooth wireless signal. It handles swiped card payments and encrypts the stripe's contents before communicating with the smartphone or tablet app.
Since the reader encrypts card data, it puts the mobile device it's attached to "out of scope" for compliance with the Payment Card Industry data security standard, Keenan says. The PCI standard describes how entities handling payment-card information must secure it. Financial institutions can choose to provide a separate SpotPay app to allow card numbers to be typed by hand, though this would require the mobile device to be vetted for PCI compliance, he says.
MagTek makes the SpotPay reader and handles the encryption and decryption of payment data. Fiserv also works with WorldPay, which handles payment processing and the underwriting of any merchant using SpotPay.
With WorldPay's involvement, a bank or credit union using SpotPay "takes no underwriting risk" on any merchant enrolling with SpotPay, thus speeding up the process of getting merchants to use the device, Keenan says.
Next year, Fiserv plans to tie in its UChoose rewards system, allowing merchants to enroll with UChoose at the same time they begin using SpotPay.
Financial institutions would be able to apply their own branding to the SpotPay devices they distribute. Fiserv also has a mobile-wallet app planned for next year to allow consumers to pay SpotPay merchants without swiping a card. Banks and credit unions would also distribute the consumer app, though it would be compatible with any SpotPay merchant, regardless of where the merchant banks.
The consumer app would display some common branding to show consumers that they can use it to pay at merchants that obtained SpotPay from a different financial institution, Keenan says. Fiserv has yet to decide whether that brand will be SpotPay, its person-to-person payments brand Popmoney, or the brand of its Accel/Exchange debit network.
Fiserv is putting Accel/Exchange at the heart of its latest payment initiatives, including SpotPay. In December, Fiserv will allow SpotPay merchants to tap into the Accel/Exchange network to receive instant funds from checks scanned through the SpotPay app's remote deposit feature. In the spring of next year, Fiserv will also make funds available in real time from card payments handled through the Accel/Exchange network and any other networks that agree to partner with Fiserv.
Fiserv has similar plans to speed transactions for its Popmoney person-to-person system by tying it to Accel/Exchange and other debit networks.
Fiserv also plans later this year to allow merchants to enroll their own accounts with SpotPay by swiping their Accel/Exchange card as the device's first transaction, Keenan says.
The Accel/Exchange network's speed is a key selling point of the SpotPay and Popmoney services, he says.
With current payment systems, merchants are forced to wait to receive their funds from a check or card payment even though they provided a product or service immediately, Keenan says. "Why should you wait a day or two to get paid? You've given the service in good faith."
Technology is no longer a hurdle for real-time payments, Keenan says.
"The model that we're using is based on a 1960's model of delayed, batched settlement, " he says. "We certainly have the technology to pay you in real time. Why shouldn't you get the funds put into your account right away?"
With SpotPay, merchants would pay no extra fee for real-time payments. Merchants would pay $8.95 a month plus 199 basis points per transaction to use SpotPay for swiped card payments. If financial institutions choose to offer non-swiped payments, merchants would pay 319 basis points for those transactions.
Despite the monthly fee, SpotPay should be more cost-effective than Square for any merchant handling more than $700 a month in sales through the device, Keenan says. However, Square has lately demonstrated an openness to shaking up its own pricing to attract more merchants.
Financial institutions would share in the revenue from SpotPay transactions, but Keenan would not say how much revenue Fiserv shares. Two credit unions are signed up to use SpotPay already. These credit unions, which Keenan would not name, helped Fiserv test the SpotPay system.
The SpotPay device does not handle payments from EMV chip cards or Near Field Communication chip-equipped mobile phones. The version of SpotPay that links to an iPhone or iPad's dock connector is based on the current dock connector's design, though Apple is rumored to have redesigned the connector for the next iPhone model.
MagTek is nimble enough to quickly redesign the SpotPay device if Apple changes its hardware, Keenan says. The Bluetooth version of SpotPay does not need to connect to a dock connector for any part of a transaction, he notes.
Fiserv can also someday use MagTek's secure-token technology in place of plastic cards to further improve security for payments.
"We believe in the new model of commerce" enabled by such technology, Keenan says. "You should never expose your credentials … out into the wild wild west."