Bitcoin Forum
November 09, 2024, 08:58:55 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Competitive analysis of Bitcoin vs Square, SumUp, iZettle, Payleven  (Read 12421 times)
Mike Hearn (OP)
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
November 25, 2012, 12:01:28 PM
 #1

This post has some notes on competitors to Bitcoin in the mobile payments space, specifically Square, SumUp, iZettle and Payleven. All of these companies provide dongles that plug into a phone via their headphone jacks and act as credit card readers.

The pitch: anyone who has the dongle can then receive card payments.

Do these systems have the potential to finally replace cash and thus undermine some of the advantages Bitcoin has?

MARKET PLAYERS

Square (website: squareup.com) is a silicon valley company named after the square shape of its dongle. I believe it pioneered the "plug into the headphone jack" idea and the dongle is free to users. They can do it so cheaply because all the dongle does is act as a tape head that plugs right into the phone, which then acts like a casette tape player to read the data on the magstripe. Square has also pioneered some other neat ideas, like interaction-free payment: when the merchant is trusted, they simply see your name and face on their screen and can push it to charge. Your mobile app accepts whatever payment they request on the assumption that they won't abuse it.

Square charges 2.75%. It is at present limited to the USA.

iZettle and SumUp are European clones of Square, that use larger readers into which you physically insert the card. Both SumUp and iZettle have launched in a handful of EU countries. SumUp also charges 2.75% and iZettles fees vary by country. You have to wait either two weeks to cash out, or until you have at least 40 pounds ($65) on your account. You can receive up to 100 pounds before needing to go through KYC. Again the readers are free.

At first glance these services appear to solve one of the key problems the credit card system has that keeps cash alive - that accepting card payments is very difficult. Whilst the 2.75% fee may seem to make it uncompetitive with cash, it's easy to forget that accepting cash has costs for any non-trivial business too (need to own a cash register, pay for all the physical handling, go to the bank to deposit the cash, etc). So it may be the case that people are willing to pay the card fees to avoid the need to handle cash, if only the excessive setup costs were eliminated.

However, closer examination reveals that these schemes all have serious problems independent of fee size. They can be summed up as security and interoperability issues.

  • Square by the nature of its technology is limited to parts of the world where magstripes are still in use. The reader can be free because it's very simple: just a reader head and headphone jack, 1980s technology. That technique simply doesn't work where EMV has been widely deployed (most countries outside the USA).

    Squares geographic limitations will be revisited later in this post.

  • iZettle and SumUp claim to be EMV compliant and to use the chips in cards. At first this sounds right, the readers are much bigger and you insert your card into them as you would with a regular reader. But in fact they don't do EMV properly. If you dig in, you'll find that these systems expected users to authenticate transactions with signatures drawn on the screen using their finger, not by typing in their PIN numbers. Both services tell their users to check that the signature matches that on the card manually.

    The EMV standard allows for fallbacks to signature authentication. It's designed for rare cases where the chip or reader has broken. Merchants that seem to systematically be doing signature authentications get flagged and told to fix their readers, users whose cards are systematically failing get given new ones.

    By deliberately and systematically using signature verification, these companies were playing with fire. And as you might expect, Visa Europe revoked iZettle.

    Because there's no way for their reader devices to do PIN authenticated payments, both companies have come up with a cumbersome workaround for Visa cards. When paying, you have to type your phone number into the sellers device, receive an SMS with a URL in it, and then go ahead and type your card number into the web form that loads. In effect, you're simply doing an online payment. You won't find any mention of this in their marketing materials, no surprise.

I think it goes without saying that any "solution" that converts card-present transactions into simply filling out your card details on an online form is a non-starter, not only because it's so inconvenient but also because you lose the shielding from payment fraud that PIN authenticated card-present transactions give you.

One company, Payleven, has little coverage but has approached this problem in the right way, by developing an EMV compatible card reader device that talks to a phone via Bluetooth. This means they can process payments in Europe without payment fraud risk and without getting revoked by the card networks. It's not clear to me whether their readers are significantly cheaper or easier to obtain than existing reader devices, which are basically special purpose mobile phones with secure hardware that cost around $500-$600.

Given the difficulty dedicated companies have had doing purely mobile payments in Europe, unless Square can come up with some unlikely or special deal, they're going to encounter the same intractable problems.

EMV IN THE USA

This leads to the question of why the USA is so far behind Europe in payment card security. Though EMV has been deployed for years across many different countries, deployment in the US has barely begun. The answer may lie in the structure of the card industry. It's tempting to think of VISA as a single company. In fact, Visa Inc in the USA is an entirely different entity to Visa Europe. In the US Visa Inc. is a public company like any other, whilst Visa Europe is a company owned by its member organizations. They cross-license the brand and other IP but are otherwise independently managed. This different ownership structure changes the incentives for tackling card fraud. Also, in Europe Visa and MasterCard have a duopoly with Visa dominating, whereas in the USA the market is more splintered.

A different reason may be history. I've found no data to support this, but I've seen repeated references to EMV being developed in response to a huge Europe-specific spike in card skimming and cloning after the fall of the Iron Curtain in the 90s.

Nevertheless, US deployment of EMV is starting now and it appears Visa is optimistic about the deployment timeframes, with 2015 being pencilled in as the date for liability switch. I'm skeptical about that myself, but we'll see. Adoption may be simplified by the extraordinary claim from Visa USA that EMV doesn't mean PIN authentication because "online transactions don't need them" and that offline transactions are unnecessary so support can be dropped - to compare, all online transactions in Europe are PIN verified as a measure against theft/mugging and about 7% of transactions are offline. Why are they doing that? Differing interchange fees may be the reason, or a fear that consumers will reject the user experience change of using PINs.

Probably Square launched in the nick of time and it's now obtained sufficient critical mass that the card networks won't be able to roll out a more secure system that would invalidate it. How they plan to "square this circle" will be fascinating to watch.

COMPARISON WITH BITCOIN

Compared to this mess, Bitcoin looks good:

  • No hardware dongles. A camera is sufficient.
  • Bitcoin can do offline transactions. If the buyer is offline and the seller has a connection, Bluetooth can be used to transfer the transaction (we prototyped this on Android in Berlin and it worked fine). If both are offline, the parties can still trade if the buyer is trusted, so a temporary loss of internet access doesn't result in business coming to a dead stop. And the same sorts of secure chips EMV uses can be applied to Bitcoin to allow untrusted fully offline trades, should that ever be in demand.
  • Security measures are not mandated from the top but decided by individual users according to their personal preferences and risk tolerances. That bypasses the whole argument around PIN vs signature.
  • EMV was developed in the early 90s, before online shopping became prevalent. Amazingly it still has no support for doing internet transactions! Banks have extended the system to do online authentication for e-banking, but that was never made available to merchants. In contrast, Bitcoin seamlessly does person to person and remote transactions with no difference.

The biggest problems are the ones we already know about - awareness, acceptance by large merchants and difficulty of obtaining Bitcoins using payments from the existing infrastructure.

hazek
Legendary
*
Offline Offline

Activity: 1078
Merit: 1003


View Profile
November 25, 2012, 02:33:26 PM
 #2

Excellent write up Mike. It's awesome to have a firm understanding of where Bitcoin as a payment system is compared to the rest of the competition, thanks!

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
World
Hero Member
*****
Offline Offline

Activity: 743
Merit: 500



View Profile
November 25, 2012, 03:24:33 PM
 #3

some more competitors with funny dongles
https://www.paypal.com/webapps/mpp/credit-card-reader
http://www.swiffpay.com
http://www.payanywhere.com/home
http://gopayment.com
http://www.salesvu.com
http://merchant.bankofamerica.com/mobilepay

Supporting people with beautiful creative ideas. Bitcoin is because of the developers,exchanges,merchants,miners,investors,users,machines and blockchain technologies work together.
Bitexchange
Newbie
*
Offline Offline

Activity: 28
Merit: 0



View Profile WWW
November 25, 2012, 03:30:26 PM
 #4

... And the same sorts of secure chips EMV uses can be applied to Bitcoin to allow untrusted fully offline trades, should that ever be in demand. ...

How would that work?
istar
Hero Member
*****
Offline Offline

Activity: 523
Merit: 500


View Profile
November 25, 2012, 03:46:23 PM
 #5

Great work.

In Sweden there is now a Bitcoin easy way to pay straight from you bank account called seqr.se.
They have probably looked at Bitcoin.

They way I see it is that Bitcoin is the only electronic currency you can own.
Its also the only system that does not collect data on its users.
Its the only currency that works like people think currencies work.

Sure merchants can collect data but its not something the system does all the time.

These three are enough, they are huge.
 
No other payment system have those.
They are simply payment systems for FIAT currency produced in an evil system as debt by private banks.
A Bitcoin is not supposed to be repaid to a bank.

As icing on the cake its one of the worlds best system to transfer and hold value, over the internet and in real life.
But the big deal with Bitcoin is that its a limited edition, currency.

The way I see the future, VISA and Mastercard and Paypal might probably adopt Bitcoin.
They can offer services on top of Bitcoin that the Bitcoinsystem will be to slow to offer, such as instant transactions, insurance etc.
Banks might probably mine Bitcoins or another cryptocurrency just to keep a backup and the network safe.
Cryptocurrency is here to stay.





Bitcoins - Because we should not pay to use our money
ArticMine
Legendary
*
Offline Offline

Activity: 2282
Merit: 1050


Monero Core Team


View Profile
November 25, 2012, 03:56:38 PM
 #6

...

Do these systems have the potential to finally replace cash and thus undermine some of the advantages Bitcoin has?

...


I would say most emphatically no. There is a critical issue which these systems do not address namely the:

FICO score or lack thereof of the buyer!

If it is 350 or so or if the buyer does not have a FICO score none of them will work and the only alternatives will be cash or Bitcoin. In the United States alone this is a huge market.

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
DublinBrian
Full Member
***
Offline Offline

Activity: 197
Merit: 100


View Profile
November 25, 2012, 07:08:06 PM
 #7

The solutions the OP describes are just connecting phones to the existing payment card infrastructure. I believe that model will be superceded by  banks developing their own smartphone payment apps and services. Visa and Mastercard may lose marketshare as a result.

Barclays Pingit in the UK, is one example. Neither the purchaser nor the merchant need a credit card account. You run an app on your smartphone that is linked to your bank account. You open the app, type the recipients phone number and click send. Quick and easy.

These payment apps will be heavily restricted to what they can do. Pingit has limits on amounts you can send. Banks and governments dont want people moving millions of dollars around by phone. So bitcoin will always have an advantage in that regard.

DublinBrian
Full Member
***
Offline Offline

Activity: 197
Merit: 100


View Profile
November 25, 2012, 07:15:41 PM
 #8

Quote from: Mike Hearn
This leads to the question of why the USA is so far behind Europe in payment card security. Though EMV has been deployed for years across many different countries, deployment in the US has barely begun. The answer may lie in the structure of the card industry.
I may be wrong but I was under the impression that the reason was because most of the patents for the chip are owned by european companies (Gemalto aka Gemplus). For example, smartcards with chips in them were being used for phone booths when I visited France in the 1989.
Serith
Sr. Member
****
Offline Offline

Activity: 269
Merit: 250


View Profile
November 25, 2012, 07:54:13 PM
 #9

The solutions the OP describes are just connecting phones to the existing payment card infrastructure. I believe that model will be superceded by  banks developing their own smartphone payment apps and services. Visa and Mastercard may lose marketshare as a result.

Barclays Pingit in the UK, is one example. Neither the purchaser nor the merchant need a credit card account. You run an app on your smartphone that is linked to your bank account. You open the app, type the recipients phone number and click send. Quick and easy.

These payment apps will be heavily restricted to what they can do. Pingit has limits on amounts you can send. Banks and governments dont want people moving millions of dollars around by phone. So bitcoin will always have an advantage in that regard.

Barclays Pingit has a lot of limitations written in fine print, and those are consistant with the way how banks operate right now. So they are trying to enable mobile payments on top of existing business practice without changing it, and it will not work right away, it will take years before something like Barclays Pingit becomes competitive for general purpose transactions.

Important information
1. Terms and conditions apply. You must have a UK current account and be aged 16 or over to use Barclays Pingit. You can download the app and register to send and receive payments but if you bank elsewhere, we can set up a Barclays Pingit Wallet account for you to use. You can also register online (Link opens in a new window) to only receive payments.
 
Payments in sterling. Minimum payment of £1, the daily payment limit is £750 and the daily receiving limit is £5000. If you have received any payments, you must register within 24 hours or these will be cancelled.
 
The Barclays Pingit app only works with Android 2.2 and above, iOS 4.2 and above and BlackBerry OS 5.0 and above. You may be charged by your service provider for mobile or internet use. Business customers on certain tariffs will be charged for transactions. We can refuse to register you for Barclays Pingit or place limits on how you use it. Visit Barclays Pingit for Business customers for more information.
 
2. Subject to available funds. When sending money, you must ensure the recipients mobile number is current and correct otherwise the payment may be returned or made to the wrong person.  We won’t be liable to you if the money is sent to the wrong person as a result but we will try to recover the money which is our standard practice.
 
Barclays Features Store – terms and conditions apply. You can use the Barclays Features Store online, in branch or by calling us, to add a Feature or Pack to a Barclays Bank Account or Premier Current Account. Packs are available for a monthly fee. You may need to register or apply for certain Features. These may also incur separate fees or charges. The Barclays Features Store cannot be used for certain accounts. For more information and to read the terms and conditions visit featuresstore.barclays.co.uk
 
3. Payments must be made in sterling, and an exchange rate (Link opens in a new window) will be applied when funds are converted to the local currency. Payments made on a working day will be processed immediately, if made between 8am and 5pm Kenyan time (excluding weekends and Kenyan public holidays), and the funds will be received the same day if the transfer is made before 5pm Kenyan time. Payments made after 5pm Kenyan time, or on a non-working day, will arrive the next working day.
 
4. Barclays does not charge you for this Service. An exchange rate will be applied when funds are converted from sterling to the local currency. You may incur charges by your service provider for internet usage.
ArticMine
Legendary
*
Offline Offline

Activity: 2282
Merit: 1050


Monero Core Team


View Profile
November 25, 2012, 09:33:44 PM
 #10

These national / regional money transfer systems have one very serious problem.
We have:

Person A in Kenya using M-Pesa
Person B in the UK using Barclays Pingit
Person C in Canada using Interac

So how do payments from between A and B, B and C, or A and C work again?  But we just got started, we have also:

PayPal
Dwolla
Liberty Reserve
UKash
Paxum
PerfectMoney

...

etc etc.

What we have is a growing multitude of incompatible propriety systems that don't and never will talk to each other. It is like an AOL user trying to communicate with a Compuserve user in 1989.

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
Kris
Donator
Hero Member
*
Offline Offline

Activity: 640
Merit: 500


View Profile
November 25, 2012, 10:44:10 PM
 #11

Nice post indeed. But yes, this is the area we as a bitcoin payment processor want in on "Cleaning up the mess?".

         Paying for stuff                Receiving Payment



Mike Hearn (OP)
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
November 25, 2012, 11:01:44 PM
 #12

3. Payments must be made in sterling, and an exchange rate (Link opens in a new window) will be applied when funds are converted to the local currency. Payments made on a working day will be processed immediately, if made between 8am and 5pm Kenyan time (excluding weekends and Kenyan public holidays), and the funds will be received the same day if the transfer is made before 5pm Kenyan time. Payments made after 5pm Kenyan time, or on a non-working day, will arrive the next working day.

Huh, does anyone know why Barclays processes payments for this service only during Kenyan working hours? That seems bizarre even by the low standards of the banking industry. Why Kenya, of all places?

What we have is a growing multitude of incompatible propriety systems that don't and never will talk to each other. It is like an AOL user trying to communicate with a Compuserve user in 1989.

I don't disagree but note that Bitcoin, being just "one more system" from the perspective of the user, doesn't solve that.

It might solve it one day if the "one more system" takes over, as the internet took over from AOL and CompuServe, and that's an analogy I have used in the past to talk about Bitcoin (open systems beating closed, etc). I think it's very apt.
Mike Hearn (OP)
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
November 25, 2012, 11:03:47 PM
Last edit: November 25, 2012, 11:19:49 PM by Mike Hearn
 #13

... And the same sorts of secure chips EMV uses can be applied to Bitcoin to allow untrusted fully offline trades, should that ever be in demand. ...

How would that work?

The chip generates private keys within itself and does not allow them to be exported (in the clear - encrypted backups could be allowed). It stores and signs transactions as any wallet would. The user interface might be provided by a special purpose device, or the chip can be integrated with smartphones.

However it works, when the chip signs a Bitcoin transaction using wallet keys, it also signs the transaction with a private key that was issued to the chip at manufacturing time. The purchaser can then provide the signed Bitcoin transaction, chip-specific signature over that transaction and the certificate chain proving that it's a genuine chip, all sent to the seller who then verifies all the signatures. If they match, you know the Bitcoin transaction was created by a chip that won't allow double spends to be created.

Given that modern smartcard security is extremely strong, this gives you a good level of confidence in the Bitcoin transaction. You don't have to broadcast it to the network immediately. You can broadcast it whenever is convenient, secure in the knowledge that the buyers don't have any technical way to create double spends.

In reality, custom chips+devices for this is probably too hard and not the way to go. Trusted computing (ARM TrustZone et al) can provide similar assurances, without the need to design custom chips. It can all be done in software because the boot processes are strictly controlled and keys can be encrypted under the fingerprints of specific execution environments.


I may be wrong but I was under the impression that the reason was because most of the patents for the chip are owned by european companies (Gemalto aka Gemplus). For example, smartcards with chips in them were being used for phone booths when I visited France in the 1989.

It may be true but those smart cards were already licensed around the world, and the US also uses smartcards in many places (GSM network SIM cards, DirecTV cards, etc). I don't think smart card patents explains it.
ArticMine
Legendary
*
Offline Offline

Activity: 2282
Merit: 1050


Monero Core Team


View Profile
November 25, 2012, 11:21:27 PM
 #14

Nice post indeed. But yes, this is the area we as a bitcoin payment processor want in on "Cleaning up the mess?".

         Paying for stuff                Receiving Payment





Here is my question: Suppose I am using a WalletBit wallet and the merchant is using one of your competitors let say BitPay, How does it work? 

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
Kris
Donator
Hero Member
*
Offline Offline

Activity: 640
Merit: 500


View Profile
November 26, 2012, 12:58:31 AM
 #15

Here is my question: Suppose I am using a WalletBit wallet and the merchant is using one of your competitors let say BitPay, How does it work? 

It works fine, it is all based on Bitcoin.
DoomDumas
Legendary
*
Offline Offline

Activity: 1002
Merit: 1000


Bitcoin


View Profile
November 26, 2012, 02:02:53 AM
 #16

Bitcoin seems far better than those competitors on several aspect.  The only thing I see, is that Bitcoin adoption is in it's infancy, when bitcoin adoption will start to kick in, watch out !!
ArticMine
Legendary
*
Offline Offline

Activity: 2282
Merit: 1050


Monero Core Team


View Profile
November 26, 2012, 02:30:30 AM
 #17

Here is my question: Suppose I am using a WalletBit wallet and the merchant is using one of your competitors let say BitPay, How does it work? 

It works fine, it is all based on Bitcoin.

Of course it does. It generates a bitcoin:URI with the bitcoin address and amount in an open standard that is understood across bitcoin clients worldwide including those of competitors. Just like email. Therein lies the Bitcoin's fundamental advantage over the competition.

Now how do I convert Interac (Canada) to M-Pesa (Kenya) again?

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
Serith
Sr. Member
****
Offline Offline

Activity: 269
Merit: 250


View Profile
November 26, 2012, 03:57:55 AM
 #18

3. Payments must be made in sterling, and an exchange rate (Link opens in a new window) will be applied when funds are converted to the local currency. Payments made on a working day will be processed immediately, if made between 8am and 5pm Kenyan time (excluding weekends and Kenyan public holidays), and the funds will be received the same day if the transfer is made before 5pm Kenyan time. Payments made after 5pm Kenyan time, or on a non-working day, will arrive the next working day.

Huh, does anyone know why Barclays processes payments for this service only during Kenyan working hours? That seems bizarre even by the low standards of the banking industry. Why Kenya, of all places?

Just a guess that there is some manual verification involved and it's done in Kenyan office.


What we have is a growing multitude of incompatible propriety systems that don't and never will talk to each other. It is like an AOL user trying to communicate with a Compuserve user in 1989.

I don't disagree but note that Bitcoin, being just "one more system" from the perspective of the user, doesn't solve that.

It might solve it one day if the "one more system" takes over, as the internet took over from AOL and CompuServe, and that's an analogy I have used in the past to talk about Bitcoin (open systems beating closed, etc). I think it's very apt.

There is a notion that Bitcoin is good proxy currency because of it's openness it can connect to any other payment system. I think the only other universal way to go between two networks is by using banking system e.g. wire transfer, which is painful.
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1114


WalletScrutiny.com


View Profile WWW
November 26, 2012, 06:42:08 AM
 #19

Any system that involves physical credit cards with custom readers is in a way no competitor to bitcoin but there are systems like "Barclays Pingit" in the works (much cooler actually Wink ). I know of one (not sure if there is anything official yet) but I'm sure there are hundreds. It's just natural to take that step.

There is a notion that Bitcoin is good proxy currency because of it's openness it can connect to any other payment system. I think the only other universal way to go between two networks is by using banking system e.g. wire transfer, which is painful.

The Banking System does not work between arbitrary national currencies. You can't send money from USA to IR.

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
Kazimir
Legendary
*
Offline Offline

Activity: 1176
Merit: 1011



View Profile
November 26, 2012, 08:43:22 AM
 #20

These are all protocols and payment schemes controlled by one particular company or institution.

As such they aren't even remotely competing to Bitcoin. One of THE fundamental advantages of Bitcoin is its decentralized, independent, open, uncontrolled, unhackable, transparent, free-from-manipulation nature.


In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!