Back to Banking & Securities matters

Technology-led shifts and opportunities in card-based payments

New technologies are opening the way for innovation in payments; to take full advantage, payments providers need to modernize three elements of their legacy technology.

Payments are the lifeblood of today’s global economy. Issuers, networks, payments processors, and merchant acquirers are investing heavily to retool their payments systems, capitalizing on several advances in technology to better align with customer preferences and sector-specific business requirements. In this article we examine recent trends in payments technology modernization, and four emergent technologies that are now—or about to—spark a wave of innovation.

Disruption and innovation in payments technology, of course, is ongoing. Real-time payments, already commonplace in many geographies, are gaining ground in the US. Point-of-sale lending and buy-now-pay-later financing solutions are reimagining lending and upending the POS experience. Tap or scan-to-pay solutions such as Apple Pay, Google Pay, and QR codes continue to grow. And as digital commerce accounts for a greater share of spending—a long-standing trend that has also been accelerated by the pandemic—cash is further displaced.

Recognizing these changes and challenges, established banks and payments processors are pursuing modernization of three elements of legacy payments technology:

  1. Infrastructure and deployments (e.g., data, switching, system of record, tokenization)
  2. Middleware ecosystem (e.g., routing, analytics, risk, authorization, instruments)
  3. Front-end channels and execution systems (e.g., customer experience/user interface, distributed point-of-sale solutions, financial wellness)

Significant transformation is underway in each of these areas. To understand today’s trends, it helps to consider in brief the evolution of payments infrastructure (Exhibit 1). Thirty years ago it was next to impossible for small startups to enter the space, given card platforms’ dependence on proprietary, monolithic infrastructure that was costly to operate and difficult to expand.

We strive to provide individuals with disabilities equal access to our website. If you would like information about this content we will be happy to work with you. Please email us at: McKinsey_Website_Accessibility@mckinsey.com

By the early 2010s, decade-old startup PayPal was processing more than $350 billion in payments annually. Advances in open-source technology, decentralization, and cloud computing have since enabled flexibility and on-demand capacity provisioning, paving the way for fintechs like Adyen, Stripe, and Square to disrupt the space. We have now entered an era of “financial functions as a service”/“container as a service” paradigms.1 It has never been easier to build flexible, fully automated systems.

With open-source technologies gaining advantage, it is now easier to apply deep learning to various workflows, including simplifying credit decisions, reducing churn rates, optimizing stand-ins and authorization rates, and reducing declines.

Ultimately, we expect a fully automated and optimized “payments as a service” (PaaS) future state, in which payments functions such as on-demand tokenization, routing, and stand-ins are codified as separate functions, assembled and extended in Lego-like fashion to offer superior customer and cardholder experience. One current example is Apple’s payment wheel. Further, PaaS can foster a personalized end-to-end experience including dynamic CVV,2 token swapping, and backward compatibility.

These flexible, modular, and automated systems have enabled the rapid adoption of cutting-edge technologies such as blockchain, DAG,3 and AI, powering the next wave of card and payments technology. Let’s consider how some of these technologies are changing the payments space and the structure of typical platform architectures.

Blockchain: For certain payments types, distributed ledger technology is enabling more cost-effective, secure, and in most commercial use cases, fully traceable money movement. In the competitive cross-border payments arena, blockchain enables near-instant and transparent payments, eliminating complex and opaque fee structures. The Kenya-based startup BitPesa, for example, uses distributed ledger settlement, allowing customers to send and receive low-cost, near-instant payments without a bank account or even an enrolled wallet. Blockchain’s distributed, consensus-based, real-time verification of transactions means that it is extremely difficult to defraud systems that use it; it also enables high transactions-per-second throughput as well as faster settlement compared to existing card-based systems. To be sure, there are technological and regulatory hurdles still to be crossed before full blockchain implementation—but the potential is clear.

Internet of Things (IoT): Increases in connectivity, device penetration, and embedded payments make the payments card industry susceptible to disruption at large. Given the amount of information that can be shared between devices, the need for physical cards and account numbers is being challenged. For example, companies are experimenting with biometrics-based payments. In October of last year, Amazon Go piloted a contactless identity service linking customers’ credit cards with their palm-print to create a unique biometric signature. Customers can then pay in a store by holding their palm above an Amazon One device. Using tokenization, devices such as smart watches can safely exchange information (via device account numbers, or DANs4) with nearby systems to process payments on demand. Back-end token swapping can further enhance value by powering real-time switching between multiple accounts.

Taking a longer view: Combined with blockchain, embedded IoT systems could one day function as decentralized credit-card processing platforms. This combination has already eroded the value of plastic cards by enabling use of a consumer’s digital ID as a key for payments execution.

Deep learning and AI: The democratization of data and neural networks makes it critically important for card issuers and payments providers to use artificial intelligence (AI) and deep learning to institutionalize next-generation fraud monitoring and AML, and to deliver value through higher approval rates, fewer declined transactions, and proactive credit limit management. Visa, in one example, used AI/machine learning models to examine over 500 transaction attributes in real-time for indicators of fraud, averting $25 billion of fraud in 2019. In another example, Honey (acquired by PayPal for $4 billion in 2019) uses a combination of deep learning and personalization to suggest targeted products for customers at attractive prices and enable straight-through payments for purchases.

AI is also paving the way for new revenue and monetization opportunities, including on-demand and real-time analytics for merchants, deep data monetization for advertisers, and effective pricing and promotion support.

Multi-function instruments: The advent of functional architectures makes it easier for banks to leverage a reference account number and back-end token swapping to dynamically link the reference account to multiple PANs.5 Banks can thus issue a single number to serve for both credit and debit accounts (within regulatory limitations) or even new tenders such as digital currency. Curve’s “smart” card, for example, enables customers to link credit and debit cards to a single physical Curve card using a mobile app. They can then switch between cards before making a payment, or retroactively change the card selected up to fourteen days after purchase.

Though multi-function instruments are still a nascent space, several payments players are advancing this technology as a next iteration of digital wallets, powered by the functional mapping of back-end capabilities.

While these disruptions are still in their early stages, they could fuel significant change. By quickly adapting and making continuous investments to update the architecture of existing platforms, payments providers can meet the disruptor challenge and launch new products and services more rapidly.

Exhibit 2 shows a high-level reference architecture for enabling the efficient rollout of new technologies and capabilities. An example would be building real-time RNN6 powered feed-forward networks to improve channel experience, streamline and consolidate customer payments journeys, and even enable real-time advice and education on financial well-being. In addition, the reference architecture would enable a modular blockchain-based augmentation with existing core banking systems to launch credit cards for cheaper cross-border payments, reducing overall cost, and improving security.

We strive to provide individuals with disabilities equal access to our website. If you would like information about this content we will be happy to work with you. Please email us at: McKinsey_Website_Accessibility@mckinsey.com

The technologies we discuss in this post present exciting opportunities—forward-thinking payments players will no doubt see the potential and are already thinking about the next wave of payments innovation. But this creative work must be based on a solid tech foundation. We suggest that incumbent providers address four core questions before embarking on the payments architecture modernization journey:

  1. Does our existing infrastructure and platform architecture enable the efficient extension of payments services, rollout of innovations, and the achievement of processing scale and efficiencies?
  2. Can our platform decouple legacy workflows, augmenting them with new workflows powered by blockchain, deep learning, and IoT?
  3. Will the modern architecture, operating model, and business strategy operate and scale across established open standards (e.g., ISO 20022, BIAN7) and connect to next-generation third parties such as digital currency marketplaces?
  4. Can our current infrastructure adapt to regulatory and institutional changes in the next few years in response to new initiatives (e.g., real-time payments, new messaging standards, more stringent requirements governing risk, fraud and privacy)?

1 Container here refers to a standardized software “package” that wraps code with all its dependencies. Containerization improves software modularity and interoperability by allowing applications to run reliably across different computing environments.

2 CVV—card verification value—is the code on a payment card in addition to the standard account number used as an extra layer of security.

3 Directed Acyclic Graph, a type of data model.

4 Device account number—an additional descriptor used in many digital wallets like Apple Pay for device authentication.

5 Primary Account Number—the number embossed on a debit or credit card

6 Recurrent Neural Network. A class of artificial network in which hyper-parameters (or nodes) are part of a directed graph and connected along a temporal sequence. Often used to decode time-series data, given their proficiency in identifying hidden patterns; for example, revealing pattern similarities to flag potentially fraudulent activity not yet defined in existing rules, or highlighting behavior indicating likely account churn.

7 Banking Industry Architecture Network—a banking standards body launched by several global banks in 2008.