Mastercard’s Ajay Banga On The Future Of Payment Technology, Digital Identities, Blockchain, Data Localisation
Ajay Banga discusses the future of Mastercard, payment technology, digital identities, blockchain, data localisation and privacy.
In the decade that Ajay Banga has led Mastercard Inc. as chief executive officer, the payments major has seen revenue triple and market value increase over 10 times. Importantly though, Banga and his team have steered the ‘card company’ to one that earns close to half its revenue from emerging payment tech areas, cybersecurity and data analytics.
Banga, who was earlier this week named to the executive chairman post starting next year, with Michael Miebach as chief executive officer, spoke to BloombergQuint’s Menaka Doshi on issues of data ownership, privacy, data localisation, and new opportunities around blockchain and digital identities. The Mastercard version of Aadhaar.
I want to start by asking you to look back at the critical inflections points, for the company and payment industry, in the over a decade that you've been CEO at MasterCard.
Well, you know, we’ve had a great run, right? We have grown revenue at 13 percent a year on the average, we’ve multiplied our market cap 16 times during the recent market corrections aside, actually 17 till a little while back. I think we’ve diversified our revenue streams and built more legs to our revenues to not just payment transactions, which used to be the overwhelming majority of our revenue 10 years ago. Now, that’s a little more than half and we do a lot of work in cybersecurity and data analytics, in loyalty both in commercial payments and real-time payments, ACH (automated clearing house)—that kind of stuff is now close to 40-45 percent of our revenue. I think that diversification combined with an embrace of innovation, with digital Innovation where we are now ranked often in that space among the more innovative companies, that was a real change maker. That has driven the way we’ve looked at our environment and the competition.
I think the biggest realisation that drove this was to define our competition—not other payment networks, but as the wider environment of cash. That just changed everything; how we approach the market, how we approach technology, how we approach financial inclusion and our commitments to financial inclusion over the years.
You indicated that these new service lines are now almost 40 to 45 percent of your revenue. Do you see that proportion increasing? Can this rapid pace of growth you've had over the last decade sustain? Especially, in the face of disintermediation in the payments industry, democratisation of technology, new tech regulation, blockchain etc...
So, the first part is that I think there’s enormous opportunity for growth. The level of cash that is still used in personal consumption, not just in India, even in the United States, is enormous. Around the world, the rough estimate is that only 20 percent of personal consumption expenditure transactions are currently digital. So yes, there's a lot of space in that 80 percent.
As for disintermediation, just think through it this way. We are among the top three holders of patents in blockchain. So, we will actually enable some of these new developments to happen, which I don't consider to be disintermediating for us, if we embrace innovation. If you just stayed in a model that said all we're interested in is a business built 30 years ago, well, then I think that's a estimate that people will go around you. But look at us today. Every fintech player around the world is a partner of ours. From large digital giants like Apple, the Apple Card is by the way a MasterCard, to players like PayTm - who is in deep collaboration with us and is a great partner, to people like Alipay and WeChat who now take MasterCard cards into their wallet for people flying in, to PayPal who by the way issues a MasterCard all around the world and is one of my best partners. Dan Shulman at PayPal is an outstanding partner.
So, you could take big digital players, you can take fintech, you can take emerging players like N26- which is a terrific bank in Europe or New Bank in Latin America or Revolute in the U.K., they're all partners of ours. The reason is that our infrastructure and our flexibility around innovation enables them to do what they do well, which is reach consumers and give them an outstanding experience. We enable that infrastructure to work well. That's who we are. We're not a consumer company. We're an infrastructure and payment technology company. Then we use that to develop insights on cyber security and data, loyalty and the like.
If you define your company correctly and you focus your people correctly, and you invest in those, I can see another decade of outstanding growth.
The Next 10 Years
What do you expect the next 10 years will bring both in terms of payment technology changes to a company like yours, and of course, therefore in your role as Executive Chairman at MasterCard? Trends that ordinary people like us can’t see as yet?
So, the first thing is, I hope I'm not doing this for a decade. They have to carry me out on a stretcher if I do that. You’ve got to wish me a better piece of luck than that.
You said something very interesting at the end, which actually, I have a different point of view on. You said ordinary people like you, journalists and consumers may not have the same insight into... I should think that consumers drive everything by their embrace, or their rejection, of how they work with things. So, for the last so many years, people have been embracing openly different forms of connecting with each other without paying too much heed to their privacy and their security. I think that debate is beginning to change, and consumers will drive that change by voting with their feet and fingers and their wallets. So, I'm very respectful of consumers and their way of changing how people like us should prioritise our industry. That to me is mission critical.
But I don't think you meant it exactly the way I may be interpreting it. You were saying it in a way that probably meant that consumers don't get to see it as early as companies might in their innovation cycle or we may have insights into things that are happening globally as trends - whereas the consumer may be more local. I think if that's how you meant it you are 100 percent correct...
(...interrupts) That is how I meant it.
I’ll give you a two-part answer. So, the first part is, I think that the next decade with 5G, 6G, with the internet of things, with connectivity across devices and faster streaming, all that stuff will probably change the way that everybody interacts with each other quite dramatically. I think the quantum of data that will get generated out of that and the amount of information that will be available will be enormous. Already more data being generated in the last five years than in the previous 30. I think this is going to be a very large space. That has implications for cyber security, for data privacy for individuals, but also has enormous opportunities for how it changes the way people interact and how commerce is done. So, one of the things Mastercard has done, and I think this is really important even in India, is to put out what we call Data Imperatives.
What do I mean by that? In very simple English, what it says is the following. One, you own your data. You are the consumer and you own your data and you have the right to benefit from it. Whether you benefit from it directly, meaning I pay you 10 cents for every time I use something of yours, or I give you better choices, or I save you something. I'm not quite sure yet how that would play out, but you should benefit from it. So, it's your data, you might benefit from it.
Second, you have the right to know what is being collected about you each time it is collected. When you use an app on your phone, someone accessing your contacts through the app, because you said I agree at the end of an eight-page disclosure, is not acceptable.
Third, you've a right to have your data deleted. If you Google me, and you look at my data online, somewhere on page 36,000 you will find my social security number and my daughter's apartment address. That's just a violation of my space, it's unfair. What has my daughter done to deserve being found in my Google search? Forget the fact that I feel violated myself as my social security number is out there. That aspect of the right kind of stuff deleted about you is equally important.
The fourth principle is, we as a company when dealing with you we should collect the minimum data we need to be able to do business with you. Minimum. So, for example, we as a company, when you use your card- either physically or in e-commerce or in your PayTM wallet or your Google Wallet or whatever wallet you use it in, we actually don't know your name. I don't know that Menaka Doshi has used the card. I don't know what you bought, either. I don't know whether you bought Asprins or toys for your child. All I know, you spent so many rupees at this merchant code at this time with this 16-digit account number. I don't know the person. That to me is all I need to be able to clear or settle your transaction.
The last principle is, even this which I collect, it's my job to keep it safe for you. That's a sacred covenant between you and me. Now, this, by the way, applies, whether you're a global company, or, and I mean this very carefully, you're a domestic company. This is not about data localisation. This is about respect for the consumer’s data, whether you are local or global. I think it's really important. I think the next 10 years, this aspect of respect for our space on data, and therefore, privacy, cyber security - how we approach these will define the winners and the losers.
So, the opportunity is enormous in this case. You could think about a digital identity service. I'll, give you an example of something we're launching. If you're a refugee, the Middle East has many millions of refugees right now, so does India by the way because of all the trouble on India's border. So, when you come to a refugee camp, the statistic now globally is that people spent 16 years on the average in a refugee camp - which means you’ll have children, they will grow up, go to school. It is not just political refugees, or religious refugees, it's also climate refugees. So the UNHCR is working with us so that when you go there, Menaka goes to say, ‘I am Menaka Doshi’ they don’t ask you for identity, they accept you as a person. You give them your fingerprints. We will convert those fingerprints into a cryptogram-protected token, a hashtag. We don't take your fingerprint, we only convert it into a token. You then you go to MercyCo or Save the Children to pick up medicine for your kids or food for them - and you will use your fingerprint again, we will convert that into a token, unlock the two cryptograms and say whoever was the person who gave her fingerprints at UNHCR, this is the person who has come here, give her the food or give her the access to the healthcare or education. Just think of that. You've protected everybody's privacy, but you made it safe and no longer the poor woman at the mercy of these front-end agents who as you can imagine, abuse that liberty.
This is similar to what Aadhaar is trying to achieve in India.
Yes, so now that's the Volkswagen version. I mean that in a good way. Take the Mercedes Benz version, which is the upmarket version. We just launched that in Australia. And this is different from Aadhar but the idea is the same. What we've done in Australia - let’s say you have a driving licence, a couple of bank accounts, a passport and a phone. The driving licence has information about you, your passport has information about you, the bank account has a lot of information about you, the phone you carry - the phone company knows where you are and your monthly spend, etc. And the merchants you shop at know what kind of stuff you were buying and so on. Today, if you were buying alcohol on the web in Australia and it gets delivered to your home. Some kid in a FedEx outfit shows up, and you got to give them your driving licence, they take a photograph of it to send it to their office to prove you're above 21 and that you're actually standing there and it's not your minor child who is collecting the alcohol. Now this young kid who came from FedEx has your driving licence on their phone, it has your photograph, it has your full name, it has your exact date of birth. It has what kind of vehicle you're allowed to drive, in some countries, it has the equivalent of a social security number. Of course, it has your exact address but that they knew anyway. That information, by the way, is enough to open a bank account. But you gave all that to some kid because you wanted to get your case of booze. All you needed to do was to say, I'm above 21 and prove it. So, I'm enabling that with Microsoft and Samsung, we’re building this out with a bunch of partners. You could just go on your phone, use your fingerprint and say, ‘Hey, trusted provider, let FedEx know I'm above 21 and I'm here right now”. I would go to your driving licence, your passport, your bank, get back a yes, no answer saying she is above 21. Not your exact details. Just a yes, no answer. Protect even that with a cryptogram so you can’t break it. I go to your phone company and say the phone is here right now. I put the two things together and say to FedEx, yes, she is about 21 and is here, go ahead and give the booze. That actually saves you your privacy. Because you never gave your driving licence.
To that extent, we are different from Aadhaar because one, we do not keep all the data in one place. Two, we actually don’t collect your data. Other people who you have volunteered to give the data to, keep it. I only go there to check that information that answers your very specific question and give that back in a safe and secure way.
To me, that is the future of digital identity. Distributed identity systems that are safe by the nature of the fact that they're distributed. So, if anybody has to break into them, they've got to go to many places. And two, that you only bring back that information that you need to know to complete the transaction that the consumer asked you for. Remember my data imperative? This is that.
This goes beyond payments.
Yes, it does. It takes the payment information, because it's connected to the payment transaction that you just undertook by buying that booze. I am trying to always ensure is that what I do well is to be where payments is the originator of the core relationship. But then I can provide you with services around cyber security, services around data analytics and AI, services around loyalty and rewards, services around that kind of case, which have not just to do with your account to account payment or your card payment or your phone payment or your UPI payment, but also that enable your life to work.
What’s been the Apple Card experience - because that launched late last year? How do you view the entry of tech in finance - whether it's Apple or Google or Facebook. Is it a collaboration opportunity or threat?
And, on blockchain - you withdrew from Libra late last year. As you pointed out, you're the third largest holder of blockchain patents. What's the plan on being able to build around blockchain? When does that become a sort of operational reality for consumers?
So, the second part first. I don't actually know when blockchain will become operational for the consumer level. I think this is a technology that's still quite to figure it out what role it can play in the lives of day to day consumers. Just to make sure, we are not the third largest, we're in the top three of blockchain patents - I want to leave it a little vague. We are launching a bunch of things in blockchain. We've got stuff in proof of provenance. For example, is this shrimp really organically grown? Was that shirt actually made from Egyptian cotton? If so, which bale? Or, this milk powder came from that particular village, if there is a issue with that particular village’s milk collection, can I reach the correct tins and withdraw them from circulation? Things like that, or to identify counterfeit medicines and so on. That's one very good use of the blockchain.
The use in currency is a little more challenging because currencies, crypto currencies are actually very good. They're an asset class. I mean, they go up and down in value dramatically, very quickly. They aren't really transparent in terms of who owns them. So, I don't know how you can have a currency in a country like India or other places which care about KYC, AML, transparency, all that good stuff, and value by the way. How can a merchant deal with a currency that bumps up and down in value every few minutes? You can't do that. So you need both transparency and value predictability in currencies and so I think that is still a hurdle that some distance away for a blockchain-enabled cryptocurrency to come to. I'm certain people will find solutions to it or central banks will one day, but I don't think that's here yet.
The part about digital players entering into financial services. Apple is a great partner, so are Amazon and Facebook and Google and PayPal and all the others. My general view is most of them are not banks. They tend to operate through banks. Apple, in specific operates through Goldman. The same is true for a number of countries around the world where digital players are operating through banks. Honestly, my view of this is, whether they operate through banks or they get licences to become the equivalent of a bank locally, my job is to find ways to be relevant to meet their needs. We're in the infrastructure business - we have to provide them with the ability to connect accounts and do it safe, simple, smart. If I can do that well, they will partner with me. If I don't do it well and I create friction for them then they will have an incentive to find ways to do it differently. I think I'm proving over the last decade that we can do this well and be partners with all of them.
So, you see it as a collaborative opportunity. On India - I'm going to revisit the issue of data localisation - I assume you've achieved full localisation? What has that meant for you in terms of technology or costs, or the ability to mine analytics or any of those things?
So actually, yes, completely. On the 31st of December we met the RBI’s deadline to be completely satisfying their requirements. If I'm not wrong, we are one of the few who did it. Many people talked about it and we've actually done it. Because my general view is when governments create regulation, my job as a company is to interact with them, tell them what I like and what I think is not good for them, or is tough for me. At the end of it, they're sovereigns, they will decide, after that my job is to comply. It's their demand, and their right and I'm very respectful of that. But at the same time, I'm respectful of what I think could have been done better.
My view on data localisation was very simple. I believe that by balkanising data across the world, you reduce the AI capability to use that data to prevent fraud, and cyber-attacks, that by the way global criminals use. So, if somebody does something in another country - which I learn from, I can factor that thinking into my AI algorithm and my technology, and because I have global technology I now have that available to every country, free of cost. When somebody does a similar kind of thing in that country trying to explore or test, I can catch it very early. I have numerous examples of this where I've helped Indian banks and Indian merchants fight off that fraud. Now, when you balkanise the data, the power of that AI capability tends to reduce. It doesn’t mean it can't be rebuilt. We are rebuilding it. But you're working within the confines of Indian data. So, let's say there was this criminal who did this in Timbuktu. Till they come to India and try the same thing, I'm not going to know. When they do come to India, I'll be trying to find the same pattern all over again. You’re kind of making me learn twice what I could have learned once. That to me is a challenge for India itself. It's something India needs to figure out. There are a number of Indian data scientists who seem to believe that there is enough data in India because of the size of the Indian market to be able to develop these predictive tools locally. I think they're missing the point that the theft is not local, the thief is global. And they operate in patterns.
The India opportunity hereon?
I'm a deep optimist of India, and that the future for companies like ours lies there. When I joined the company, 1 percent of our workforce was in India. Today it is close to 14-15 percent and not just doing back office work. I'm talking about highly qualified engineers and AI scientists who are developing products and services, not just for India, for the world. That is what India is. I've invested a billion dollars over the last few years and I am putting another billion in over the next few. The logic is that India gives me good manpower and a stable system. Frankly, a base which I could use for many of the neighbouring countries around India to be able to operate from.