Friday, 14 November 2014

Officials Alarmed By PSD2 And Barriers To Innovation In Payments

In a joint study, Ofcom and the UK's new Payment Systems Regulator have explored the reasons for limited innovation in the UK payment services market, sounding the alarm over the potential impact of PSD2. But the study does not thoroughly explore the most recent proposals, which would make the situation worse than officials seem to appreciate.

The study confirms that most of the innovation is facing retail customers and relies on the existing payments infrastructure.

Various factors act as a barrier to the scale and pace of innovation seen in other technology sectors. There is a low tolerance for system failures, naturally, but the resulting high security and resilience requirements make systems more rigid and less open to the usual market forces of present in other IT sectors. New entrants also find it hard to break through the network effects that support existing payment methods (e.g. cards). Investment is further constrained by significant uncertainty around regulation and technological standards. Finally, the interests of consumers, merchants, telcos and financial institutions are not aligned in the types of services being offered - in essence we're seeing an attempted 'land grab' by competing institutions at customers' expense.

It is critical that the European Council considers this report as it finalises the proposals for PSD2, which would make this situation worse. Equally, however, it is a pity that this study was not able to more thoroughly explore the potential impact of those proposals.

Let's hope for some more joined up thinking in the weeks to come!


Friday, 7 November 2014

The End Of Merchant-hosted Checkouts?

Source: LoudMouth Media
You may have noticed that I'm madly trying to keep up with the blast of confetti from Brussels known as "PSD2". It's very fortunate that the SCL's editor is blessed with a good sense of humour, not to mention the readership. In advance of my latest update, here's a warning of a fairly brutal provision for e-commerce merchants in the latest version of PSD2.

Not satisfied with forcing 'gateway' service providers to supply their services directly to regulated institutions rather than merchants, if they wish to remain exempt, it seems the EU Council also considers that e-commerce checkout pages on merchant sites are "payment instruments" in their own right (not just the payment methods displayed on them).

A new information requirement seems to mean that where customers are shown a range of different card-scheme brands as payment options prior to checkout (itself referred to as “the issuance of a payment instrument”), they should be informed that they have the right to select a particular brand and to change their selection at point of sale.

On the surface, this requirement adds nothing. It's how checkout processes already work. If you want to pay by card, you click on the card scheme logos, and up comes a page that asks you to enter a card number from any of the brands displayed. But describing a checkout process as a “payment instrument” (rather than merely the payment methods available on it), suggests that the entity which serves up the web page that enables checkout is itself the issuer of a payment instrument and should be authorised accordingly.

It's likely that many e-commerce merchants will host their own checkout page or process, and the transaction only moves to the acquirer’s servers either once the customer has selected which type of payment instrument she wishes to use, or (if the merchant is PCI compliant) once the transaction is captured and sent to the acquirer.

So this provision would actually require such a merchant to either cease hosting any aspect of the checkout process or become authorised as a payment instrument issuer (or the agent of an authorised firm). It also raises the question whether such a merchant is also 'initiating payment transactions', with the same consequences.

This is revolutionary stuff. If passed in this form, PSD2 could drive the need for significant website re-development work. Of course, it could also mean good business for e-commerce marketplaces, or regulatory specialists who help firms apply for authorisation (pick me!). But it's really just overkill.

In their quest for 'the highest standards of consumer protection', the European authorities seem oblivious to the adverse impact on competition and innovation in the payments sector that will come from delivering control over key aspects of e-commerce infrastructure to the comparatively few firms who will bother becoming authorised. Ironically, it was this sort of concentration that drove the need for the current PSD - to open up the banking/card scheme monopoly. Perhaps the banks and their schemes are winning the battle to retain their dominance after all...