The failure of the Zenobia Pay encodes much of the REAL value of Mastercard and Visa:

1. A global, enforceable rulebook + dispute court. They standardize how authorization, clearing, settlement, chargebacks, retrievals, representments, reason codes, and evidence work—and they arbitrate when parties fight. That governance is why a corner bodega and a transnational airline can both accept the same credential. (Read the rulebooks; they’re huge, living specs.) 2. Credible liability commitments that change customer behavior. Zero-liability and liability-shift regimes make consumers fearless and pressure merchants to adopt secure tech (EMV, 3-DS). Fearless buyers = higher conversion. That demand-side boost is the engine of card commerce. 3. Tokenized, portable identity for payments. Network tokens (EMVCo) and wallet provisioning (Apple Pay/Google Pay via DPANs) are the reason card data can live safely in phones, browsers, and vaults. This reduces breach externalities and keeps the credential working when plastic changes. That’s not ACH. 4. Compliance offload and ecosystem discipline. PCI exists so the brands don’t directly police every merchant’s infosec day-to-day—yet they still set the bar and yank privileges when needed. It’s governance as a service. 5. Programmable payout rails on the same credential. They’re not just purchase networks anymore. Push-to-card (Visa Direct/Mastercard Send) rides the acceptance footprint for disbursements, wage advances, gig payouts, and remittances—instantly, to billions of cards. That makes the card a universal endpoint for money-in and money-out. 6. Regulatory navigation and durability. Interchange caps and business-rule constraints (EU IFR; U.S. Durbin/Reg II) didn’t kill them; they adapted by shifting economics across scheme fees, value-added services, and routing. Survivability under hostile policy is part of the value. 7. They own the “choice architecture.” Historically, anti-steering rules protected fee levels; those were curtailed, but the lesson stands: control over how credentials are presented and preferred at checkout is leverage. (See the AmEx case for the legal theory on two-sided markets and steering.)

What they don’t do (important) • They don’t issue credit or carry most fraud losses—that’s issuers. Networks set rules and move bits; issuers/acquirers take primary financial exposure and then sling chargebacks through the network’s process. (Still: the rules are the value.) • They aren’t the only rails that can scale: account-to-account can win when the state or banks coordinate (Pix, UPI, iDEAL). Those systems prove rails alone can beat cards on price and UX—if you also deliver governance and adoption.

Where they’re vulnerable next (and already hedging) • A2A/instant schemes (Pix, UPI, iDEAL) are re-wiring consumer habits. If U.S. open banking + FedNow/RTP ever gets real UX and liability parity, cards will feel it. Meanwhile, Visa/MC are buying into open banking to stay the orchestration layer (Visa–Tink; Mastercard–Finicity). • Checkout is being intermediated by wallets and platforms. Apple/Google own the front door; card brands keep the credential alive via network tokens, but UX power is shifting up-stack. Tokenization keeps them relevant; control of the UI does not necessarily stay with them. • Policy pressure keeps grinding down interchange/steering constraints. They can adapt, but the rent skim is under scrutiny—again.

The blunt summary

Visa and Mastercard don’t win because they’re the fastest rail or the cheapest. They win because they govern trust at scale: a portable identity (token), a standardized contract (rules), and a credible promise about who pays when things go wrong (liability). That cocktail reliably boosts conversion for merchants and confidence for consumers. Until an alternative can match all four—rail + rules + identity + liability—cards remain the default operating system for commerce.