Conversions & UX: Payment Trends - Interview with Web Griebel
Web Griebel [00:00:00]:
A virtual card that is in the app that I can copy and paste into websites. And if it's ever compromised, it's you know, they know and they just shut that off, but my main, card account remains intact and remains safe. That security and that authentication, level help increase that while you're also keeping the friction low.
Maciej Nowak [00:00:25]:
Hello, Hello, everyone. My name is Maciej Nowak, and welcome to the Osom to know podcast where we discuss all things related to building great websites. Today, we are exploring the complex world of payments with our request, Web Griebel, the global head of payments at WooCommerce. With nearly twenty years in the payment industry, Web brings deep expertise from roles at major payment service providers like Global Payments, giving him unique insight into how payments really work behind the scenes. We'll dive into what happens when someone creates PayNow, the building blocks of payments ecosystem, and why merchants should think of payments as more than just a cost center. Web shares practical advice in reusing checkout friction, protecting against fraud, and understanding legal way of payment landscape of card networks to local payment methods. We will explore emerging trends like account to account payments, the evolution of digital wallets, and how payment data can become a powerful economic indicator. Whether you are running an ecommerce in an store, building payments integrations, or simply curious about what happens to your money when you shop online, this conversation reveals the fascinating mechanics of modern payment ecosystem. If you want to learn more about building great websites, please subscribe to our newsletter at osomstudio.com/newsletter. If you are watching this on YouTube, please give us a thumb and subscribe to our channel. A business is our task. Without a further ado, please enjoy my conversation with Web Griebel.
Lector [00:02:06]:
Hey, everyone. It's good to have you here. We're glad you decided to tune in for this episode of the Osom to know podcast.
Maciej Nowak [00:02:14]:
Hi, Web. How are you?
Web Griebel [00:02:15]:
I'm doing well, Maciek. How are you?
Maciej Nowak [00:02:17]:
I'm also good. Thank you very much for, for coming for the pod. I'm very excited to have this chat, about payments as as, you know, as you might expect. And I would like to maybe first start with, like, a short question. If you can introduce yourself to our listeners so that they can have a little bit more of understanding, like, who you are, who you are, what do you do, and and a little bit of a background.
Web Griebel [00:02:46]:
Sure. Be glad to. First of all, I'm grateful to be here with you. Love talking about payments, especially in the ecommerce space. So my name is Web Griebel. I am the head of payments the global head of payments at, WooCommerce, which is an automatic business. I've been in payments, oh my gosh, nearly twenty years. Spent, spanning roles of product management, partnerships, even sales way back.
Web Griebel [00:03:17]:
And, prior to WooCommerce, I was with a company called Global Payments, which is a multinational, payment service provider. So it's a space that I, am quite familiar with and and love to sort of track and be part of the evolution of payments, especially in the digital and ecommerce space. So thanks very much for the chance.
Maciej Nowak [00:03:39]:
Yeah. My pleasure. My pleasure. Look. Look. I want to learn something too. Right? So, that that that that's pretty cool. Thank you very much for the intro.
Maciej Nowak [00:03:47]:
And maybe for starters, thinking about merchants who are going to, think seriously about, you know, payments, what are, like, typical misconceptions they might have? You know, people who get to a certain scale but not huge. Right? So I'm curious if there's, like, there are common mix misconceptions you run into, you know, when talking to them.
Web Griebel [00:04:17]:
Yeah. Great question. So, I think first and foremost, a lot of merchants view payments as a necessary evil. Right? Even, you know, a cost center. And, and I guess on the face of it, they could, you know, they could believe that because for many, many years, in fact, decades, there was really not a lot of value created around the payment transaction. Right? But, if you fast forward to today and you think about, mobile payments and digital payments and all you know, ecommerce payments and and the like. When they're implemented correctly, with the right providers serving the right markets for the right products and services, they can really, add value to your, to your business, especially in the online space. So the right payment implementations can increase conversions and sales, so product conversions, cart checkouts, and so forth.
Web Griebel [00:05:15]:
They can actually be a revenue stream for, you know, certain software, business models and so forth. And, you know, they can also be a way for you to have a better relationship and connection with your customers. So there's those are sort of three misconceptions. It's not just a cost center. When they're implemented properly, with the right types of partners, they can actually, really help accelerate a business in the in the online space or otherwise.
Maciej Nowak [00:05:44]:
Alright. Yeah. I think we will be getting there as especially when we'll be considering the, let's say, global payment ecosystem. Let's say so so I think we'll we'll circle back to this, to this concept. And maybe still as starters, you know, can you walk us through what happens, you know, when when when when a buyer clicks on, like, you know, pay now button? You know? What what's happening there behind the scenes? Because everyone sees, like, pay Pay now. Right? And then it goes to different providers. Right? But, you know, in a nutshell, what happens after that person clicks pay now?
Web Griebel [00:06:25]:
Sure. Great question. There's a lot of moving parts behind the scenes. So I'll focus in on, card payments, you know, a typical Visa or Mastercard payment. What typically happens in those scenarios or what happens in those scenarios is they click the buy button. The their data is securely either the card number or, you know, their customer their tokenized customer profile, is sent, to the, issuing bank of the card, and, it pings their network in milliseconds and says, hey. I wanna make a purchase for, €50, and, I'd like to and and the network says, okay. You have you have money in your account or you have creditworthiness on your card, and it sends a message back to, the payment processor, which is, often referred to as the payment service provider.
Web Griebel [00:07:21]:
So somebody like Stripe or PayPal, or, you know, some of the major, processors around the world, they then, process the transaction and authorize the payment to the merchant, the seller of the goods and services that the customer is buying. And within a day, sometimes even, sometimes, in real time scenario, the payment for the purchase is transferred to the merchant, the seller of the goods, and, and lands in their bank account. It's and all this can happen in just a matter of seconds.
Maciej Nowak [00:07:56]:
Perfect. That's Yeah. That's why we do this. Right? That's why we use use use cards. Building on top of that, what are the, like, building blocks behind the payment ecosystem, payment technology that, you know, the management should understand, you know, to have a, like, a broader picture, you know, not very nitty gritty, but, you know, on a kind of level of big blocks, you know, so that, you know, you don't you not only think about the cost center and the necessary evil, but rather, you know, understand the process a little bit more. What are the components? You mentioned processor. Right? What what other big blocks, there are?
Web Griebel [00:08:36]:
Sure. So I think at the at the highest level, a merchant has their, their bank account, right, where they, receive funds for, goods that are purchased. And, so that's probably the most important one for a merchant because they need to make sure they have they're receiving goods or money for their goods or services. You have the payment service provider or the processor, sometimes known as processor. They're global ones, like I mentioned before, like Stripe or PayPal and some others. There are, is the customer, the buyer's payment method, and that may be, a branded credit card that runs on the Mastercard or Visa network rails, or it may be a local payment method, that's native to their, country or region, a popular payment method, which often those are account to account based payment methods. So, such things as, Ideal in The Netherlands or Blick in Poland, PIX in Brazil, etcetera. Those are known as account to account payment methods.
Web Griebel [00:09:51]:
So they're essentially facilitating a transfer of money from one person's bank account to, from the buy from the buyer's bank account to the seller's bank account. There are various intermediary intermediaries, between them, but, you know, those those vary country to country. Right? So a high level example would be, in The United States, we have the US Federal Reserve that facilitates the transfer of all payments, within, you know, these networks or between the banks as well.
Maciej Nowak [00:10:25]:
Mhmm. What role does it pay? Like, what role does it, take in the sense that is it like a centralized like, every everything goes through that, entity, or is it providing infrastructure? Like, what's what's what's its what is its role?
Web Griebel [00:10:45]:
Sure. So the Federal Reserve's role is a centralized sort of, clearing house, if you will, that basically facilitates all the payment transfers from one bank to another in The US. Right? And then also, it facilitates banks payments from US banks to foreign, banks as well, right, through other networks like the SWIFT network. So it is a facilitator of payments. It tracks them. It is basically I very much make it, put it akin to sort of the centralized hub from which payments, run through.
Maciej Nowak [00:11:28]:
And and and and a ledger of all of the transactions as well? Yes. Alright.
Web Griebel [00:11:32]:
Yeah.
Maciej Nowak [00:11:33]:
Okay. Alright. And you mentioned to know a couple of methods, like leaking Poland or, or other methods. And I'm curious, you know, but but you started with the card example. Like, what happens when someone's paying with a card, but there's a number of different options. Thinking about, you know and commerce is, you know, ecommerce is wonderful because everyone from, like, all of the world can buy something. And then you hit the problem of different payment methods native to a given country. Click in Poland.
Maciej Nowak [00:12:09]:
Wonderful solution by the way. I love it. So I'm curious to know what like, how merchants should think about global ecosystem of, of their of their customers versus they their, ability to pay with what they have, you know, in terms of, you know, what kind of payment services they have available in their country. Like, how what my, like, mental model should merchants build, and how should they think about this? Like, is it card only or anything else? Like, what what should be the strategy here?
Web Griebel [00:12:45]:
So when merchants are selling goods and services, they're generally solving a problem or, solving a customer need or desire for a customer. Right? And so they do that with whatever the product or services that they sell, and they should think of payments the same way. You know, you wanna meet a customer where they are in terms of, of payment. So, if a customer favors a specific, local payment method because it's very popular in their country or region or, then you want to be able to accept that, which will also increase your chance of converting the sale, and not having an abandoned shopping cart. So they really wanna look at, like, payments as a way to meet their customers where they are to enable them to make a purchase with as little friction as possible, and maybe even sell more or bigger order value as well by doing this. Because if you're meeting more where they are, then you're making it convenient for them to buy your product or service. And they should think of payments the same way they think of, you know, solving a customer problem with their service or or or
Maciej Nowak [00:13:58]:
Okay. That concept of friction is interesting because, there are so many, like, branches in marketing, that focus on optimizing, like, minimizing the friction, like, you know, customer experience and and so on. And then at the very, very end of the journey, there's that, you know, pay button waiting for you to pay, and then there's that last one, step of paying. And how how can you think you know? Because we know so much about optimizing for conversion before that hit hitting that pay pay now button. How can can optimize for lowering the friction for that, for that last step?
Web Griebel [00:14:43]:
Yeah. That's a great question. So I'll use myself as as an example. If I am on a, ecommerce website and I go and put the items in the shopping cart. When I get to the checkout experience, if if if I have to fill out a whole bunch of fields with, you know, keying my card number, keying in my billing address, my shipping address, etcetera, etcetera, The likelihood of me completing that sale as a customer, that purchase as a customer, is far less than if I have the ability just to use one of my favorite digital wallets that I can authenticate, you know, with, you know, with a some sort of biometric authentication, either my thumb or face ID or something like that, which will then populate all the relevant, all the relevant fields in order for me to get the product or service in, you know, in shipped over to me. And so they wanna think about, like, providing payment methods that are both secure and reduce that friction of completing, you know, the relevant information that the merchant needs to complete the sale. They also wanna think about, such things as ensuring that guest checkout is available on their site. Because if you require somebody to set up an account, that's yet another friction point.
Web Griebel [00:16:13]:
Right? Like, they want to we've already spoken about the local payment methods, and, you know, which is yet another way that they can, you know, they can encourage, merchants to I mean, customers to convert their sales. Also, there's an opportunity through their payment service provider or their checkout provider, you know, their ecommerce store. They wanna think about there there's the ability now, to dynamically surface specific payment methods at the checkout depending on where the customer is located. And so things like This is
Maciej Nowak [00:16:51]:
at hand, like, the list would start, for example, with the one that is native local to you where where where where you are right now. Right?
Web Griebel [00:16:59]:
Yes. Yep. Native to where you are. So if, you know, my my checkout experience on a website that has dynamic payment methods enabled and, you know, sort of reordering in the checkout, like, sort of reordering the payment methods dynamically and, is going to look different than yours because we're in two different, parts of the world. And, and yet that that will help to, you know, make sure that, that the merchant that we might both purchase a product from, is gonna convert the sale as likely with you as it would be with me as a customer.
Maciej Nowak [00:17:36]:
I like it. I'm remembering when the ecommerce was starting or was already, you know, started when I was so much younger than I am now. But, you know, I remember days when you would have to, most of the time, send a bank transfer. And then, you know, the online payment came, and now we can order like, these are, like it's a little bit of a like, first, you had to log in to your bank, fill out the, you know, the transfer, then worry if you didn't make any typos or or or some something like this. And now you can touch, you know, with a thumb, you can pay pay on your on your Mac probably or with your face ID, for example. But now I'm thinking that it's like a law of diminishing returns. Like, there isn't any much more we can optimize. Like, it's like nearly the optimization is, like, complete.
Maciej Nowak [00:18:27]:
You can't probably make anything more to lower the friction because it's just double pressing on your iPhone, for example, to, approve the transaction. Right? Is there anything else you can improve even even farther than that?
Web Griebel [00:18:45]:
Yeah. That's a that's a great question. I mean, we're always thinking about the things that, that you can improve upon. Like, the ideally, if you have the friction as low as possible, you also want to, typically, friction and security are going in opposite directions. Right? So, you know, you're you're as a merchant and as a payment service provider, you're typically, balancing you know, reducing the friction with also maintaining proper authentication and, and security such that, such that you can con convert sales, but make sure you're converting legitimate sales to legitimate customers. So there are tools out there, you know, secure customer authentication tools like 3DS two and some of these others that that help really help enable that, that security and that authentication, level, help increase that while you're also keeping the friction low. You know, there there's, there's also opportunities, I would say, you know, for single purchase, or sim single single click checkouts. Right? You know, sort of these, buying experiences that are, you know, that are, mobile enabled, not necessarily full shopping cart where it's just sort of a product enablement, one click checkouts that also maintain that level of authentication that we we spoke about.
Web Griebel [00:20:21]:
Because the nice things about one of the nice things about many of the, digital wallets or really all of the digital wallets are, they are not, the merchant is never in contact with the customer's actual payment modality. Right? Their actual credit card number or bank account number or whatever. For many years now, we've been using or in this the industry has been using tokenization, which is really a representation of, of the customer's important and secure payment information. Right? And so exchanging that tokenization, really encrypting it, sending it along as a as a token or just simply I like to use the analogy, if you ever go to a restaurant and you check your coat and you get a tag, and they give you a tag, and you walk away and you go to your table and you eat your dinner and you come back and you have this tag. Well, look, you have your coat, but it's not really your coat. It's a representation of your coat. And, so you know, this is a similar scenario where we you know, in the industry, we tokenize, the really important and, sensitive customer information, around their payment modality, and, merchants exchange that token but never exchanging the modality. And those types of things are really, really important.
Web Griebel [00:21:49]:
And, these digital wallets, the likes of Apple Pay, Google Pay, PayPal for sure, and, likely many others, are, are all highly secure tokenized, scenarios. So that is actually one extra layer to both protect the customer and the merchant because the merchant, does not wanna hold. It is not in their interest to hold, customer sensitive payment date data. It's like a hot potato. Right?
Maciej Nowak [00:22:21]:
It's a liability. Right?
Web Griebel [00:22:24]:
It's like having a piece of hot coal in your hand. You don't wanna you don't wanna hold that.
Maciej Nowak [00:22:29]:
Yeah. And I know, like, those who want to have it, like, that's that's a problem. Right?
Web Griebel [00:22:34]:
And I don't want a merchant to have my payment information. Like, if if, you know, if if a merchant has a, you know, a file folder on their system full of card numbers, that's a real problem.
Maciej Nowak [00:22:49]:
Yep. Yeah. Yep. But I when when thinking about this, there is that, I would say initial interface where you have to actually type those numbers. There's no other way, unless you're using the digital digital wallet. You know, if you're resorting to physical card and card number, you have to type that card number into some text field on the website. And this is this maybe then will be later tokenized. But for the customer, this is the moment when they are vulnerable.
Maciej Nowak [00:23:24]:
Like, it can be hijacked, you know, they taken over, copied, you know, mirrored. Even the if this transaction is going through, it might be copied in parallel, let's say. So is there anything a customer can think of when protecting themselves, or maybe even merchant? Is there anything merchant can do? Because if you are using, like, external solution, you trust that they are good. Right? That they that they will handle that. But is there anything you can or you should be thinking of on that visible layer where you where the customer is putting their very important numbers?
Web Griebel [00:24:06]:
Yeah. I think, a couple things. Like, that that scenario that you described is a very good use case for the digital wallets that I just mentioned. So whenever possible, if you can, as a customer, if you, are comfortable to enroll in one of the digital wallets that serves your region, that is usually a better scenario than ever keying in a card number. Another, another thing customers can do, if they don't wanna use a digital wallet, I know that some of, many of the card issuers so, the banks' card issuers are the banks that issue credit and debit cards and payment methods. A lot of the credit issuers, the card issuers, offer virtual cards, and so that is another option. So I for me in The US, I have a Capital One Visa card. And for my online purchases, I actually have a virtual card that is in the app that I can copy and paste into websites.
Web Griebel [00:25:20]:
And if it's ever compromised, it's you know, they they know and they just shut that off, but my main, card account remains intact and remains safe. So I would say two two considerations. One, use a digital wallet if you can as a customer. And two, if you're not interested in using a digital wallet, then look to, you know, look to service providers that you know, for your credit cards or your debit cards, etcetera, to use, to, you know, virtual cards. Those are onetime use. Often, they're onetime use cards.
Maciej Nowak [00:25:56]:
I was mentioning that law of diminishing returns, but it was from the perspective of a given user that is you know, any individual user who is very high in that, you know, let's say, sophisticated. For that person, there's little we can probably do to make his, checkout process more convenient. But looking at the, let's say, population, not everyone is on digital wallet. Right? A lot of people are copying and pasting their their card numbers stored somewhere, you know, just for the sake or or retyping them. So I think what might be an option to make, like, on a global scale, the whole checkout process more convenient is to onboard more people to digital wallets, you know, different digital wallets so that they onboard and they don't have to type their numbers. Right?
Web Griebel [00:26:47]:
For sure. And, also, for the things like, you know, prepopulating checkout fields in general, like, outside of the like, some some of the, some of the browsers actually and, you know, I should have thought of this two minutes ago, but some of the browsers also securely store your, payment, credentials. Right? So, the Safari browser and Chrome browsers are two that I know for a fact that do that, and they do it securely with a tokenized, you know, a tokenized representation of your payment modality. And so that's also another option that, you know, that, that customers could use. And and, you know, the there there's certainly no foolproof way, you know, no 100% way to protect yourself as a customer or even as a merchant against, fraud. The fraudsters always seem to stay a step or two ahead of, the rest of us. But but there is there is, you know, some pretty strong generally accepted and, you know, highly successful, methods to keep.
Web Griebel [00:28:02]:
You know, prudent and safe.
Maciej Nowak [00:28:04]:
Mhmm. And we we were we were discussing this from the perspective of the individual and how the merchant should think about their security. You alluded to that, but I'm curious, you know, if you could, dive a little bit deeper what merchant should do. Is there are there any strategies for merchants in our best practices except, you know, like, using real reliable, you know, components for their ecommerce platform? But what else can be done by the merchant to ensure because to ensure not be a victim of fraud?
Web Griebel [00:28:41]:
Number one is keep their website updated to the latest versions of the checkout, whatever their provider is, whether it's a WooCommerce or Wix or Squarespace, Shop Fi, etcetera. Always keep your, your website, and your checkout updated to the latest, you know, versions of of the software because many of those versions the reason that they're updated in many times is to fix vulnerabilities or things along those lines. Right? And so that's number one, first and foremost. Number two, make sure they're using a payment service provider that, you know, that very seriously takes the security of payments and has a demonstrated, you know, a demonstrated methodology around doing that. So, when you mentioned keying in card numbers, there should never be an instance where, a card number is keyed in that is not being keyed into at least a hosted field, right, that is then immediately tokenizing. Right? And, the merchants would never ever want to, not even for a second, have, sensitive customer data on their servers, right, at all. Right? They need that that needs to go right to the server the payment service provider and then respond with the token. Right? So that's number two.
Web Griebel [00:30:09]:
Number three, whenever possible, you know, if if appropriate, like, fully hosted checkout experiences, take the merchant even farther out of scope of, you know, of these types of vulnerabilities. Right? So if a, but when you have a fully hosted experience, let's say it's hosted by the payment service provider, you generally, you may be compromising sort of the user experience and the look and feel of the checkout versus, you know, versus the rest of the, store. So there's considerations to be taken. I think they should really just consult their service provider, their agency or developer, or their technologist in house that is, building and maintaining their site. And, the last thing that I think is really important for merchants to do is have, you know, either have scanning software that is constantly scanning for vulnerabilities around these types of things or hire, you know, a QSA or, one of these companies that is, that is, you know, really their whole purpose is to help protect online businesses against vulnerabilities related to payments and otherwise. So, those are the types of things that you need to
Maciej Nowak [00:31:30]:
the maybe not the best, like, worst worst case scenario, but what are the average bad case scenario where in which a merchant has problems from no. Because of all those vulnerabilities, but maybe because of a, some kind of a fraud. Like, what types of problems are we dealing with?
Web Griebel [00:31:54]:
One of the most common problems is card testing, and it literally is, when a fraudster will use a you know, write a script or have a bot that basically just constantly pings a merchant's checkout with new card numbers and test them for just to see if the card's active. Right? Even for a penny or 2. Right? And then they literally can do this in the blink of an eye, in a matter of minutes or hours or even even longer if it's not caught. They can accrue, like, many many thousands of dollars in authorization fees from their payment service provider and those types of things. So that's one of the most common threats is sort of card testing scenarios where, you know, where they're where where a merchant falls victim to, a bot attack, where they're just constantly testing card numbers. And and one way to protect themselves against something like that, there's probably multiple scenarios, but, they could use they can make sure that their checkout page times out every every so often, right, so that it, that it requires a full reload before you can test another card. Secondly, those secondary authenticators where, you know, the I'm not a robot type of, checkbox with maybe a, you know, a visual cue. Yeah.
Web Griebel [00:33:25]:
Some sort of authentication. Yeah. Captcha. Thank you. And, and, just generally, they need to be wary of those types of things. Those are very common attacks. They merchants can fall fake victim to them, repeatedly even if they're not addressed properly.
Maciej Nowak [00:33:45]:
Mhmm. But that's super interesting because I have never thought about a situation in which you can, like, randomly generate numbers, and they will create a card number. And you can test if that particular card number is active, and you would outsource this to another, you would outsource this to an ecommerce owner so that they are doing the authorization, and they are they would be paying the fees for, for the authorization for the card processor. But but at the same time, like, wouldn't you need the, you know, CCV number, you know, full data of the owner of the card? Like, is the card number the only thing you would need in such a scenario?
Web Griebel [00:34:29]:
Yeah. That's a great question. You raise an interesting point, which is one of the things that a merchant can do is require like, they can we refer to sort of tighten down their settings, their, their authorization settings, and ensure that, that they they they make these settings are generally adjusted from within their payment service provider interface, on their checkout. So if they're using Stripe or PayPal, for example, they would have to log in there and and adjust these settings. And, essentially, what it does is require things like the, billing ZIP code or the billing address or the, the three digit CCV, the security code typically on the back of a card or, in the case of American Express, it's a four digit code. But, yeah, they can they can really tighten those we we refer to those items as level one data, and they can require full level one data, you know, in order for a transaction to process. And if they get a mismatch, you know, let's say somebody makes a large order on their store, and the, billing address is much, much different than the shipping address, and it's a sort of a suspicious order, they should really be prudent about, like, perhaps calling up the customer or messaging them in some way, you know, WhatsApp or whatever, and figuring out you know, trying to authenticate that the customer is real with somebody that they know or, you know, and and then they can you know, they just need to be judicious and very prudent about these types of things, not just let every sale go through.
Maciej Nowak [00:36:16]:
Mhmm. But the transaction would go through if the name and surname, like, wouldn't match the owner of the card. The card number would be correct, but the owner would be typed incorrectly, and this would still go through?
Web Griebel [00:36:30]:
Yeah. Well, they can adjust it to decline. They can adjust their settings to decline those. Okay.
Maciej Nowak [00:36:36]:
So this is a manual setting. Like, you have a control. Like, you can only accept the correct card number, and everything else is wrong. That's still fine. It's your choice. Right? Something like this? Okay.
Web Griebel [00:36:46]:
Yeah. Merchant has control. It's really an interesting thing, and, merchant has control to set that level one data. Like, you always will need the correct card number, and you will always need the correct, expiration date. Right? But you can as a merchant, you can change settings. Like, you could require the security code or not require the security code. You could require a billing ZIP code and a street address or not require those things. At minimum, they should be requiring the security code.
Web Griebel [00:37:27]:
And if they want there there's other factors here in play with this level one data that we're speaking about. It also, can have an effect a positive effect on the pricing of their card processing as well. Right? And, basically, the more correct data that is passed at the time of transaction, the more secure the transaction is and often, more favorable the pricing from their payment.
Maciej Nowak [00:37:58]:
But is the price, let's say, priced dynamically based on the, history of transactions, or is it some kind of a fixed price, based on the agreement that I will be providing this level of information for?
Web Griebel [00:38:13]:
Varies from, payment provider to provider. And, and when I talk about this level one data that we're just we're really I'm talking about, basically, your typical, card networks. Right? Your Visa and your Mastercard. As you think about things like account to account payments or local payment methods, I, you know, I think those are so nuanced, on a region by region basis, and I don't, I don't really have committed to memory what the sort of Sure. Implications around that.
Maciej Nowak [00:38:49]:
So Yeah. Sure. Maybe my last word of comment is that I would expect the consistency of my data, like, for the sake of my protection. Like, you know, some transaction may not go through because I may make a typo, but, you know, having consistency of correct name and surname, you know, all of those details the card, provides, and I have to type. You know? I would expect that this is for my security, you know, so that my card is not compromised, for example. And there is I learned now so many ways to compromise my card even without that card being in possession of anyone. Speaking of the fraud still a little bit more. Yeah.
Maciej Nowak [00:39:34]:
There is the concept of, chargebacks and, you know, dispute resolution. And, you know, unless you are hit with disputes and chargebacks, you probably don't know, as I mentioned, what what's all of that about. And could you introduce our listeners a little bit into the concept of, you know, what happens if someone, disputes the payment?
Web Griebel [00:39:56]:
If it is a payment that has been made on a credit card, like a Visa or Mastercard or American Express, the merchant has an opportunity to respond with documentation that, that validates from their perspective that is, that it was a legitimate sale and the product or service order was fulfilled properly. They have an opportunity to respond and show evidence that, you know, for example, show tracking information that a product was delivered to the customer's to the customer's shipping address. Right? They have the, the ability to show, product level images, things like that that validates it, that it was a legitimate sale from the from the perspective of the merchant. And they, and they they can, in some cases, win. Right? As long as they keep, you know, the right documentation, in many cases, they can win. In bank transfer scenarios or account to account scenarios, the dispute process for customers is far less favorable and far more favorable for the merchants because, once the merchant receives the payment, usually, that's a final sort of a final scenario. There's, generally not a clawback or or type of scenario, like, where, you know, where a customer can get their money back. But with the card networks, with the Visa and the Mastercard, the American Express, because they they they leverage their position as an intermediary to sort of moderate the experience.
Web Griebel [00:41:42]:
Because from their perspective, you know, the card networks, the customer is their their customer is the buyer of the products or services. Right? The cardholder. And so they want you know, that's part of the service they provide is really sort of a moderation or mediation between a merchant and, you know, and, and the buyer. There are some considerations that merch that I would say merchants should have, and we've seen, lately in the past, you know, few years, it's really sort of increased a bit, the this notion of friendly fraud, which is, customers buying things that maybe they can't afford or never intended to pay for, and they are, leveraging you know, they're they're they're basically taking advantage of their relationship with their card issuing bank and and, you know, disputing a transaction. So that that Why
Maciej Nowak [00:42:51]:
is it friendly? Where is the friendliness component in Yeah.
Web Griebel [00:42:54]:
It's not it's kind of a it's not very friendly. It's not very friendly, but it is, but it is different than, like, organized fraudsters going out and, doing this. This is, you know, people so it's it's it's people that are actually receiving and using the good or service, you know, that they should be paying for. And, no. It's not very friendly,
Maciej Nowak [00:43:16]:
but it is Friendly, I think, us in infrequent. You know? It's like not organized, you know, on the scale. It's just infrequent. So, you know, it's friendly in this fashion.
Web Griebel [00:43:26]:
Yeah. It's kind of ironic that they would call it friendly fraud, but it's sort of the known customers. And, you know, some of the ways that, you know, the first line of defense for a merchant to protect themselves against disputes and chargebacks, for ecommerce companies and for payment service providers is education. Merchants need to know. So most often, small medium business merchants, you know, your your typical small, website retailer or seller, doesn't care about doesn't think. It's not that they don't care. They're so busy trying to run their business, like, their core business, like, selling and making their widgets and or whatever it is that they do, that they don't think about things like disputes until they have one or until they have a series of them, right, or a significant one. When it becomes a problem for them is often when they pay attention.
Web Griebel [00:44:27]:
And so one of the best things that payment service providers or ecommerce platforms, or technologists that serve, you know, these customers can do is to educate these merchants on what disputes you know, how they happen, what, how they can defend themselves against those, what sort of documentation that they should keep on hand, for each transaction. So things like, you know, keeping good records of product level data, keeping you know, making sure that those level one settings that you and I spoke about a few minutes ago are really, you know, are really, set up to pass the most authentic and correct data for the car for the buyers. And doing things like that that are prudent, making sure that they're the transactions that they are accepting and sending out products and services on are properly authenticated. And those are the best ways that they can, keep also keeping track of the, shipping. You know, the shipping documentation, tracking numbers, delivery dates. You know, those types of things are also very, very important. Those are the first line of defense for a merchant is to be educated and be aware of, you know, this possibility and, prepare themselves with the appropriate documentation. The second thing that merchants continue to prepare themselves and sort of combat this, you know, these disputes and so forth is to model it into you know, at some level, model it into their business and say, okay.
Web Griebel [00:46:13]:
I'm going to have every business has every business, whether it's an online business or otherwise, will always have some degree of outstanding receivables or some customers that just don't pay them. Right? They don't pay their bill, or they lose the money or something for whatever reason. Right? And so they need to build that into their business model and say, okay. I'm gonna have, I don't know, 2% losses or whatever, you know, in a given you know, in their budget, in their planning. They need to think about this. This is something that they need to consider. The third thing they can do is especially if they're growing quickly, some of these online businesses scale really quickly, and then they, you know, they then they encounter these these growing pains, like disputes. Right? And, the third thing they can do is look at outside there are outside providers, that can either, help, programmatically respond to the, dispute flows, right, and make you know, and and help them keep on top of disputes.
Web Griebel [00:47:26]:
There are also other providers out there that will offer some level of insurance against disputes. So, you know, essentially, they they will cover the cost of disputes, And they some of them will look at it in aggregate, like, in total, and then others will look at them on a case by case basis and, you know, basically, will actually reimburse the merchant for a dispute that occurs.
Brian Alvey [00:47:55]:
Mhmm.
Maciej Nowak [00:47:57]:
I heard recently that Stripe has, in like, introduced a new fee for, responding to disputes. Now you pay $15 for if you receive a dispute. You know? But if you want to respond to that dispute, because of the costs, like, incurred or generated by the card networks, Stripe has added $15, charge if you want to respond to the dispute.
Web Griebel [00:48:25]:
Wow. I was not, I was not aware of that. But what I will say, having worked at, at multiple payment service providers in my career, I spent, gosh, nearly fifteen years at two different payment providers prior to coming to the WooCommerce, business. And, it is a there is a cost for payment service providers to process retrievals and disputes, to process that documentation, meaning they have to put people and resources towards it. And I suspect that some of them, you know, may use it as a revenue stream as well. Right? You know, charging fees against it. You know, the it is very common for payment service providers of all types, to provide or to charge processing fees for things that go beyond just the core basic card payment processing, right, or ACH processing. They'll charge fees for PCI compliance, or they'll charge, fees for reporting and servicing.
Web Griebel [00:49:33]:
They'll charge fees for, what you name it. Right? And, you know, and it varies across, you know, a wide, wide spectrum. But, I guess what I'm saying is I'm not surprised, but I wasn't aware of that.
Maciej Nowak [00:49:47]:
You mentioned the PCI compliance. And, can you explain the concept of of of that compliance? I think this is something, or something like this. So so it's a little bit changing, but but can you give us a, like, a helicopter view of that, of of what it means and what to think about this and and and so on, like, general intro?
Web Griebel [00:50:14]:
Yes. So there is an organization that is comprised, so it's the PCI DSS, Data Security Council. And it is comprised of, basically, representatives from the largest payment networks, Visa, Mastercard, American Express, Discover. And they set governing rules and standards by which, merchants need to, basically adhere to be, you know, to be considered PCI compliant. It is largely done the whole premise of PCI compliance is to mitigate risk. Right? Risk for customers, risk for the payment networks, risk for the merchants, risk for the, card issuing banks, and everyone along the food chain, if you will. There for better or for worse, they they they spread the responsibility of this largely across the payment service providers and the merchants. And so a merchant is considered the first line of defense against fraud because they are the first interaction with, you know, a buy the buying public, right, the consumer public.
Maciej Nowak [00:51:55]:
They're on the edge.
Web Griebel [00:51:56]:
So yeah. They're leading edge. Right? The tip of the spear, if you will. Right? And, and so, typically, what happens is so most recently, PCI4.o, was announced, earlier this year. I'll be candid to say that, I don't know the requirements. I don't have them committed to memory, at the moment. But what I will say is that it is, typically, it has shifted a bit more, you know, sort of responsibility for, having buttoned up and secure websites, processing software, and hosting environments, on the merchant. And, you know, and there is already a lot of responsibility on the payment service provider.
Web Griebel [00:52:49]:
I do know, typically, when these issues are or when these, sort of new mandates come out from from the PCI Council, usually, the public, you know, the community of, merchants and payment service providers and all the constituents that care about this weigh in. And then usually based on that, like, the rules get adjusted and they get, you know, they get tweaked as, you know, as needed and until there's sort of a reasonable balance that is struck or stricken. I don't know if that's the right word. But the best thing like, if a merchant is running a large ecommerce site or even a small ecommerce site, the best thing they can do in the near term is to read up on these things and make sure that they are, you know, make sure that their payment service provider is aware and, also, informing the merchant of what the pay you know, the payment service provider should be informing the merchant of what they are doing because PSP is sort of the leader, in responding to the in responding to these types of things, and, and they should really focus on being educated about it. And then, also, as I mentioned earlier in our conversation, which is making sure that their software and their platform is up to date with all the latest, updates and security fixes and so forth is really important, as well.
Maciej Nowak [00:54:29]:
Alright. This downs this does sounds a little bit strange that the merchant should be keeping in check the processor. Like, you know,
Web Griebel [00:54:40]:
a relevant contact, comment. But I think what I mean by not keeping them in check, just making sure that they are informed, like, that that that they have gone and and read up on you know, the processor should already be publicizing what they're doing. Right? And their content around PCI compliance, like, yes. They're level one PCI compliant. What is their response to and their position on the latest PCI requirements. They should have that publicized. The processor should. And the merchant should take it upon themselves to go read and understand that.
Web Griebel [00:55:19]:
And if they have any clarifying questions, they should, you know, get them answered Mhmm. As opposed to holding them accountable.
Maciej Nowak [00:55:27]:
I'm also thinking about a merchant who is scaling. And is there any difference in a merchant who is, you know, starting out and a merchant who has a thriving maybe not a multimillion, but, you know, a couple of million, dollars, turnaround, you know, revenue a year? Like, is there any difference in how they should treat payments, between a starting account and, you know, established business?
Web Griebel [00:55:58]:
To my to my earlier very early comments at the beginning, I think both, you know, brand new merchants and established sort of scaled merchant businesses should be looking at payments as, you know, as as a way to, add value to, their they they should be looking at payments, as a way to sort of add value and and increase conversions for themselves and sort of scale their business. Because if they are looking at them solely from a cost basis and and just, like, shopping on rates. Right? Oh, what's your rate? Oh, I'm gonna go to the one with the lower rate. Right? That seems like a prudent approach from sort of an accounting and fiscal, perspective. But the reality is if they let's say that they offer just two payment methods on their website, and they sell products, that maybe have, you know, large large order, you know, the I the ability for large orders. Right? Like, multi hundred dollar or multi thousand dollar orders. If they were to consider using one of the BNPL providers, like a Klarna or a Affirm or, you know, Afterpay or some of those providers, that may increase. That may cost them more than the base rate on a credit card.
Web Griebel [00:57:36]:
It might cost them more for processing, but it may also increase. And it's proven that these alternative payment methods, some of these alternative payment methods, increase the order the average order value by fifty, sixty, 70 percent, sometimes even more. Right? So they should be thinking about, like, how can they use payments to help their business scale? And as we talked about earlier, like, meeting their customers where they are. Right? And if you wanna if you're selling something, a product or service, the best thing in my mind, the best way to, one of the best ways to enable, sales quickly is allow customers to pay in the way that they wanna pay. And that's that's how they should be thinking about it in my view. And it doesn't mean that they have to have their checkout, plastered with every single payment method and logo on there, because then that becomes, you know, a law, to your point of that that becomes the rules of diminishing returns. Right? It becomes sort of so confusing that a, a customer may not just may just freak out and leave. Right? But they they, but if they are in a position to, especially if their their PSP, for their checkout, or their checkout, platform uses dynamic, positioning of the payments, that can even be
Maciej Nowak [00:59:04]:
That like, what might be the difference the payment processor can make on a business of of the merchant except, you know, having different fee. Right? You know? Yeah. By now, pay later is a totally different kind of services. It it's not card processing. Right? The Right. Klarna can have, obviously, card processing, but, BNPL is another, like, like, a payment method. Right? So I'm curious to know if you look at the landscape of payment providers, how the merchant should be deciding except you know, comparing similar services because not that would be unfair to compare, you know, payment processing with another service. But looking at payment processors, with similar functionalities, what should you be what should you be looking at accept, fees?
Web Griebel [01:00:07]:
What the what payment methods they enable. Right? What are they offering through their what, what their, contract requirements are. Right? Do they have long term contract requirements? Do they have, onerous, termination fees? What is their what is their what is the, their their payout schedule? Right? So, typically, you know, some some processors when I first got in the industry and you, to accept payments on a website, you may have to wait five, ten, twenty days. The payment processor will hold your funds
Maciej Nowak [01:00:52]:
For twenty
Web Griebel [01:00:53]:
days. For
Maciej Nowak [01:00:53]:
the twenty days.
Web Griebel [01:00:55]:
Three weeks. I've said in 02/2005, that was, like, not un uncommon. Right? Sweet. And yeah. Sweet. It's a good way to go broke. Right?
Maciej Nowak [01:01:05]:
Of course.
Web Griebel [01:01:07]:
Yeah. But, so looking at pay now now fast forward to today, a lot of these payment providers will, enable some of them enable instant payouts to merchants via, like, the Visa Direct, push program, and Mastercard has a similar one. And, so you wanna look at those those types of things, payout schedules, contracts, pricing, what payment methods do they enable, what is the what sort of fraud tools do they have, like and fraud and, what sort of education and dispute, you know, dispute process what's their dispute process look like? Is it easy to submit, documentation first disputes? Are there big fees with it, as you mentioned earlier? What is their service level? Like, you know, can you get somebody on the telephone if you want? Right? Can you call somebody, or are you just in a chatbot? Right? Like and they need to think about what's important to them. Some merchants, you know, some merchants require very low they don't wanna talk to anybody, and some merchants require very high touch services from their payment providers. So they need to consider sort of what they care most about. And if you are a merchant that requires a high touch experience, you're gonna pay more, and they should be okay with that. It's like any service, a premium service. Right? Like, so those are the types of things I would I would be thinking about if I were them.
Web Griebel [01:02:41]:
I would also want to understand, what the you know, it depends on the merchant's business. So if the merchant is in a business that is considered high risk, you know, either because of the products or services they're selling or, or the notion of what we call future delivery in the industry. So how long from the time that I place an order? So if I am buying a piece of furniture, okay, if I buy this couch for $5,000, if am I gonna wait six or eight weeks for that couch to come? That's a lot of, that's a long span of future delivery and for a very large order value. Right? And so if a merchant, is in you know, they should weigh their own business and, against, you know, the like, they should talk to processors about the business their specific business and understand what the processors' tolerance and, thresholds for these types of risks are and and whether they will, number one, underwrite and approve them for a merchant account. And number two, how do they treat, you know, the deposits and the payouts that you and I just spoke about?
Maciej Nowak [01:04:00]:
Yeah. I'm curious if you know about any payment products that are being developed right now. Like, we have for some time already buy now, pay later, and this is getting, like, a comedy is, like, going into commodity space. I, heard that Klarna, my the corporate is going into cooperation with some kind of a burrito, you know, food delivery service. And you buy buy burrito pay lighters. Like, maybe this is a marketing stand, but I'm curious if you are aware of any, like, maybe not a revolutionary, but some something that we don't have yet, but is being under development, you know, something that is going to emerge as a new, maybe, standard, something something new and more modern.
Web Griebel [01:04:52]:
I also saw the news about the pay for your burrito over over four installments. That's interesting to me. I think I'll get to your question in a second, but my my my thoughts on that are interesting. I know that the buy now, pay laters want to be ubiquitous. They want to be everywhere. And if I were them, I would want that also. And so in order for that to be the case, they need to look at those types of scenarios as well. Right? And, I also know, you know, from industry reports and so forth that generations of consumers that are younger than me and, perhaps younger than you are really interested in not using your traditional sort of revolving credit card facilities that, like, so many folks have used for the last fifty years.
Web Griebel [01:05:50]:
And so they they gravitate towards these, buy now, pay laters and so forth because they can, they know what their they can set their terms. They know what they are. They're very, generally very clear and laid out for them. In terms of new payment products, I would say in The US, we're fairly far behind the rest of the world in account to account payments in terms of adoption. But I do know that, like, the Federal Reserve is implement you know, has recently implemented FedNow, which is an instant payment, modality, as well as RTP, which is real time payments as well. These are the two players in the US. They haven't gotten large traction yet, but I expect over time I mean, you know, maybe slowly they will. There's also a new sort of what I would call wallet service, and it's a combination of a bunch of the major issuing banks.
Web Griebel [01:06:55]:
It's called Paze, p a z e. We spoke with them last year before they launched, and, I think they're in sort of a soft launch mode now. And, essentially, what they are is similar to, Apple Pay and Google Pay and so forth. They are a digital wallet, where you can, store multiple, of your payment modalities, your payment credentials, and sort of have this as a one, you know, a one stop, authentication layer for a consumer to use. And, I've not used it yet, but I, you know, I think that these these large, card issuing banks that are involved in it, I think, are are taking it very seriously for a couple reasons. I think they're investing in it pretty significantly for both the risk factor that you and I spoke about throughout this conversation, but also the data. Right? They want to know, like, what they wanna know the product level data that, is being consumed or, you know, is being purchased by their their cardholders from an ecommerce site, and they don't get that today. Right? In the checkout, they they just get the total sale amount.
Web Griebel [01:08:11]:
They don't know what the product SKU is or anything like else, and they really wanna know that.
Maciej Nowak [01:08:16]:
And why would they want to know that? Like, how like, is it of any interest to the payment processor? Like, you know, from my consumer level, would I want to share that information, or would I want that information to be shared with the payment processor?
Web Griebel [01:08:33]:
These folks is as opposed to the this group in is more along the payment the card issuer, the as opposed to the processors. And so the reasoning for them to want to know it is risk and also customer insights so they that way they can then understand what are the things and the habits the customers have beyond just, like, what stores do they buy products at, but what are they buying at those stores, what products and services, and they wanna do that for marketing. We all know that data is currency. Right? And and so that's the reasoning behind it. As a consumer, the jury's out. Right? You know, we the consumer you know, some consumers don't mind giving away all their behave buying behaviors, right, and, for nothing. And then others want to, you know, want to do it maybe so that they can get promotional things. Right? Like, promotional, marketing and things along those lines.
Web Griebel [01:09:36]:
So I don't know what the adoption's gonna be, but I do know that is those types of services are coming out for payments.
Maciej Nowak [01:09:48]:
That's incredible because when you say this, this seems only obvious and natural, and you can only ask yourself why so late. You know? Why this kind of data is not being collected from the down of the, ecommerce. Right? Because you have so many loyalty programs or, you know, cards or apps, loyalty apps. You get, you know, a couple of dollars here and there, in savings for being able to share your basket, you know, your grocery basket all the time. And you can have a feeling like this is exactly how much is it is this worth for the grocery chain. Like, you get 10% off your grocery. So this is amount like, this amount is like, your basket is worth this much. Like and then you can think how how much more this is actually worth because it's not possible this is worth only 10% of your particular basket.
Maciej Nowak [01:10:53]:
Right? So if if the group that is not selling anything to you, which are card, networks, will get to know millions of baskets a day. Like, that's incredible amount of data they can make use of. Like, that's, like, holy grail of ecommerce data. Like, try not, like, not Stripe, but Shopify can do this right now. Because if you are on Shopify, they, you know, they have insights into your basket. So they know when the COVID hit and there was such a high in, you know, CPI. I read one comment from a CEO of one of those big groups. I don't remember the name.
Maciej Nowak [01:11:40]:
I couldn't find later, but I heard that there is going to be, like, a sky high, inflation because they had the information so much earlier than anyone else would would be able to get. It was not official and something like that and all of that. But it was, like, four, five months earlier than, you know, the inflation started to be, you know, reported to be rising.
Web Griebel [01:12:14]:
So this is in a different indicator, right, based on the data they have. Right? Wow.
Maciej Nowak [01:12:17]:
Exactly. Exactly. So this is already available, but, you know, officially, you can't tap into it. Right? There is, like, metrics and so on. But on the gut feeling, you can gauge this if you have that kind of information, you know, at hand in a big organization like Shopify, for example. I'm not saying this was a Shopify guy. I just can't remember who was that, and I couldn't then, like, find that tweet later on when I wanted to find this.
Maciej Nowak [01:12:42]:
But that's incorrect.
Web Griebel [01:12:45]:
Just to comment on that, like, Visa, which is the largest global card issuer I mean, card card network, right, and and issuer of cards. They in many cases, like, I've been in their seminars and their, you know, their, forums and so forth, like and I've seen their you know, they have teams of economists that work there. Right? You know, economics professionals. Right? And often, they are able to know when regions or countries in the world are either going into recession or even coming out of recession. And they know before the governments do. And, it's not surprising. Right?
Maciej Nowak [01:13:30]:
Yeah. They have real time data, and the government will have a month old stale data who which has to go through, you know, scrutiny of also politics. And they don't have to rely on politics because, you know, for official data, the politics can can skew interpretation or the methodology of the, like, assess assessment.
Web Griebel [01:13:57]:
Just the facts. Yes.
Maciej Nowak [01:13:58]:
Exactly. Exactly. Alright. One more thing. One more one more question I now remember. Our disputes so I'm circling back to what we've been talking before. Our disputes only for credit cards or also for the debit cards? Is it an only an American thing, or is it a global global, procedure?
Web Griebel [01:14:18]:
It is anything with a branded Visa or Mastercard or American Express logo. So, that includes debit cards and credit cards. So if there is a logo for a Visa or a logo for Mastercard, then, then, as far as I know, as long unless there's some edge case carve outs, but I don't think that's the case, that there is the ability for a customer to, make a dispute on a purchase. So debit or credit.
Maciej Nowak [01:14:56]:
Mhmm. And we because I was all always thinking that all of these situations where you are paying with a card and because this is a credit card. This is not your money. This is bank's money, so the bank has a problem, and and so on and so forth. So this was my interpretation of why disputes would be tied only to credit cards. But I'm surprised to hear that the debit card can also be, used to disputes.
Web Griebel [01:15:26]:
You know, the banks earn significant amount, like so interchange is the revenue source for the cards, whether they're credit or debit. The interchange fees on debit cards are less than they are on credit cards, and the most expensive interchange fees are on the credit cards that are either high reward value, you know, the ones the platinum cards or whatever that come with a lot of benefits, or the corporate cards. Right? And those often come with benefits too. And the debit interchange fees are less. But the point is the banks the reason the banks, you know, adopted, you know, taking debt you know, issuing debit cards, you know, twenty five or thirty years ago when they started, was because they can the convenience and the ubiquity of these card networks will enable you to, you know, to accept payments, you know, from your checking account, any practically anywhere, right, from your banking account. And they make a lot of money on it, and therefore, they're they're willing to tolerate the notion of a dispute.
Maciej Nowak [01:16:36]:
Mhmm. Okay. Yeah. Thank you. This was fascinating conversation about, you know, many things, you know, financial and and and payments. I learned a ton, and I hope our listeners also learned a ton. And thank you very much. And, yeah, see see you around on one of the world cups, man.
Web Griebel [01:16:58]:
Yeah. I hope so. If, I'm not sure if you're coming to The States, this year, but, yeah, I'd love to meet you in person, you know, in real life. And, I've enjoyed our conversation, and, and thanks very much for the opportunity to chat with you. It's it's always fun to talk about payments for me. So hope you have a great day. My pleasure. Fantastic.
Maciej Nowak [01:17:19]:
If you like what you've just heard, don't forget to subscribe for more episodes. On the other hand, if you've got a question we haven't answered yet, feel free to reach out to us directly. Just go to osomstudio.com forward slash contact. Thanks for listening, and see you in the next episode of the Osom to know podcast.
