Context - Impacts - Options Payment within EU Regulations Context - Impacts - Options Running Payment Business ADVAPAY 2016.10.28-29 Ugo Bechis E-Payment & SEPA Advisor © 2010 Colt Telecom Group Limited. All rights reserved.
Payments within EU Regulations Payment developments drivers : integration into the (e-)Commerce cycle P2P - Fintechs’ access to payments Cases : Big Social, E-Comm players , the Wallet entry point “Non-money vs Money” roles : access, data intelligence, ownership via ID Regulatory angle : EU PSD.2 RTS and the Regulatory Package Options : payment business models ; success factors Bexit : a first focus - preparatory steps Ugo Bechis
SEPA - EU Authorities : Policy objectives , principles An orderly and competitive playing field in EU (also ref. to non-EU players) Access to Bank payments by non-bank subjects , within a regulated frame Interoperability of Payment Instruments troughout EU Open access : no contractual/ technical barriers for any player Lower prices : card MIF fase out , more efficiency , lower costs Policy principles Beyond integrated “vertical” models (bank - channel - payment - customer) “Horizontal” approach : channel to be neutral to banks’ access, also by TP Common rules : independent from type of payment , channel ownership Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
Payments development drivers : different activities 1) (e)Commerce driven : > “non-money” Convergence of in-Store and in-App Attract / retain / sell & pay (geo-location, loyalty, “one click” button) Wallet App.s bundle buy & pay functions 2) P2P ”near-instant” (card/non-card) > “money” via Mobile ; leverage on “social” features “instant” card-to-card/ account-to-account Mobile Apps bundling social + payment “Big Social” access customer capture Access ID ; behavioural data , proactive > “money” > “non-money” Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
1) e-Commerce scope : to sell & be paid No-friction purchase process : intuitive , easy , quick Conversion rate : 62 % (paying buyers vs e-cart check-out) Types of paym accepted : 6.8 (avg no. of payment instruments) Checkout time : 134” (avg seconds from cart checkout to paym) “click” time (ex 2014 : 12”) : 8,5” (avg seconds from one click to next one) every - 10” lower checkout time = + 2% conversion rate > sales Ugo Bechis source : pymnts.com 04.12.2015 - BlueSnap - Top 70% US e-Comm (650 e-Retail websites) © 2010 Colt Telecom Group Limited. All rights reserved.
How the Dutch pay online: mainly with iDEAL! 2) Payment options driver : P2P «near-instant» How the Dutch pay online: mainly with iDEAL! .. Ugo Bechis - The PayPers - Friday 16 September 2016
3) Capture at customer access : Big Social - ID & data Online Bank Seller Buyer Online platform App Pay app PSP Pay platform Various SPs Pay app Ugo Bechis
3) Capture at payment access : open wallet (case : PayPal) PayPal - Open Platform gateway strategy PayPal branded or white label wallet (Dan Schulman) PayDiant : Apps to tailor wallets to payers or merchants Braintree : open “agnostic” wallet (SCT, cards, loyalty) Venmo : Mobile P2P (PayPal instrument) One Touch tech : shopping cart - one click “Buy&Pay” Take aways Open wallet to (all) TP payment instruments Tailored App.s to payers or merchants needs Wallet : “checkout” (VISA/MC) & loyalty services Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
3) A digital access gateway : the Wallet Ugo Bechis
EU response : the Regulatory package (Highlights) Regulatory Act What Market Impact PSD.II (EP 08.10.2015) TPP (“access agents”) TP Info Providers Secure authentication Security TPP-ASPSP TPP-to-Bank protocol Access role open to any TPP Banks multi-account info at TPP Payer Credentials security Secure ID PSP-to-PSP Standard TPP APP interfaces e-ID & Trusted Serv. Reg. (EP 08.2014 ; Implementing Acts due by 2016) e-Identity EU legal validity e-ID Schemes Role of Trusted party Time stamping Contents encryption Secure distant Identification Third party Trustee role Thrid party guaranty on time & contents between two parties ECB - EBA Authority - e-Payments Security Guidelines EBA Authority - TPP-to-Bank protocol Two-factor “strong” authentication 1 credential entitled to all payment services Separate channels: Trx, Info TPP-to-Banks standard protocols and data set 1 “dynamic” factor needed 1 credential for all instrument, not limited to one only (a card) TP can handle wallet credentials multi-instruments, multi-bank Bank must give consent (PSD.2) Bank APIs open to TP APPs Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
New EU Regulations : impacts on customer relationship e-ID Reg : Identification by entry gateway as key to customer ownership (re: Dutch, Sweedish Bank-ID for access to PA via Banks HB) (eg: mobile public e-ID bundled with payment credentials) 2) ECB-EBA : e-Payment security - one credential > > > choice of instrument at wallet , routed to Banks > 3) PSD.2 : TPP App.s to be granted access to Banks > Banks/PI can play a TPP role vs other PSPs > 4) PSD.2 : Info/data consolidated by TPP “agent” © 2010 Colt Telecom Group Limited. All rights reserved. Ugo Bechis
PSD.2 TPPs : Key points - impacts (highlights) TPP - Third Party Payment Service providers : 3 categories PISP - Payment Initiation Service Providers : initiating a payment order at an count with another PSP, without handling the funds whether or not there is any contractual arrangement between PSP and payer’s ASP AISP - Account Information Service Providers : on the basis of customer’s consent to AISP, provide and consolidate information on transactions from a user’s payment account(s), whether or not there is a contractual arrangement between the “AISP” and the user’s ASP (the Bank). Issuing of Payment Instruments (new definition) : “to provide payment instruments to initiate and process payer’s payment transactions”. A broader concept of “payment instrument”, eg a service (wallet) with two/more payment brands / applications on the same payment instrument (ref to “co-badging”) Notes Banks must grant TPPs access to payment account information (i.e., via open APIs) on an “objective, non-discriminatory, proportionate basis”, where explicit consent of user; access must be “extensive enough” in a “unhindered and efficient manner”. A checkout service (eg wallet) where Payment options are offered is a “payment instrument issuer”. (as opposed to the issuer of each of the available payment methods) Ugo Bechis
The EBA Authority PSD.2 RTS (Public consultation - 12.08.2016) EBA RTS highlights Banks to define their interfaces via APIs documented, available on websites Payment security & authentication up to Banks also when initiation via TPP TPP authentication only on basis of prior contract customer-bank (ASPSP) Strong dynamic authentication ; exemptions : c-less card < €50 , CNP < €10 Prevention, detection, real-time block of fraud trx before final authorisation Banks must provide AIS TPP accounts, trx info ; not sensitive data (personal) eIDAS PKI certificates (ETSI) for ASPSPs-AISPs-PISPs mutual authentication Card Acquiring PSP to support payer’s PSP strong authentication for all trx Ugo Bechis
Customer ownership : Key steps , Regulatory references Work flow steps & roles EU Regulatory Acts Entry step device authentication ECB-EBA e-Payment Security ( PC , Tablet , Phone / Mobile HW , card ) PSD.2 / e-IDAS Wallet “owner” (Phisical/Mobile/Cloud) PSD.2 / ECB-EBA e-Paym Security ID+access Credentials to Wallet/Instruments e-IDAS / PSD.2 / Data Protection ( e-ID + biometric > Token > two factor credentials) Payment acceptance authentication PSD.2 RTS / e-Payment Security Account holder / payment data intelligence PSD.2 / Data Protection Reg. Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
Access steps and Technical Standards : ISO + … Access steps Standard Tech Specifications Physical entry device ISO (payment) - ETSI (Telcos) (EMV Card , Phone SIM , PC , Mobile HW) Hosting wallet (Mobile/Cloud) , ID ISO - ETSI - W3C * POS/ATM > < Card/Mobile initiation ISO - ETSI (Two Factor >< Token >< Biometric credentials) 4) e-Comm > < e-Payment initiation ISO - ETSI - W3C * - FIDO * 5) Payment authorization for cards ISO 8583 Payment clearing & settlement mes ISO 20022 * W3C Org and FIDO define overall web process standards Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
Credit Agricole App Store Principles Co-development of App.s by third party / start-up on customers desires Limited CA effort / open API https://www.creditagricolestore.fr/ https://www.youtube.com/watch?v=z59Buqw7DiI&feature=youtube_gdata Ugo Bechis
PSD.2 RTS : TPP access to banks via “open API.s” > > > Banks “open API.s” require legacy IT architecture processess and security TP APP.s need a process for testing, secure structured delivery, anti-hacking < Ugo Bechis
PSD.2 : Business & Economic Impacts The access player (ID + paym credentials) “owns” the customer Business models will require Bank-to-TPP Fee & Brand Policy Wallet owners claim “broker fees” to host paym instruments (eg: rebates to Google wallet, to ApplePay from card Issuers) Policy on Banks vs TPP Brand / co-Brand visibility Paym instruments multi source pricing , non 4-corner Pre-paid instruments “internal account” average float P2P card-to-card / account-to-account non-IF payment fees Focus on net profitability , lower costs processing models Towards non-IF models : VISA & MC processing revenues up Bank-Merchants joint strategy: checkout, customer routing A Bank can be a TPP digital agent vs other banks Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
Brexit - Civil Law vs Common Law : a focus The BIS-IOSCO CPMI Principles call for a sound legal basis (p.16) (contracts to be enforceable, risks transferred between the parties, other) National legal systems and jurisdictions are built on basic legal principles, which can be different if they are based on Civil law (continental Europe +) or Common Law (UK, US +) Key differences in Civil Law vs Common Law principles Complimentary Note of Lloyds TSB Bank plc - February , 1.st 2005 (excerpt of memo to UB) Civil Law Common Law - Codes provide the core of the law , exhaustively. Cases are a secondary source of law. - Acts of Parliament can define or override the Common Law if they do so clearly unambiguously Parliament presumed not to interfere with Statutes - Judges are not bound by previous cases ; free to apply the law on general legal principles. - Lower Courts are compelled to follow decisions laid down by the Higher Courts. - Statutes provide no definitions, not read restrictively. - Statutes very detailed with exceptions and their applications restricted to specific facts covered . - Civil law systems are ‘closed’ – every situation is governed by a limited number of general principles. - Common law systems are ‘open’ – new rules may be created or imported for new facts. - Civil law contracts are based on the autonomy of free will – actual consent (a subjective standard) is required, but presumptions of facts are available to the judge. - Common law contracts are based on the reasonable expectations of the promise (an objective standard). - Good Faith – in contracts the obligor must perform his duty in good faith with regard to commercial practices. - There is no principle of good faith of general application. Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
Brexit - Civil Law vs Common Law : implications The different assumptions at the base of Civil Law vs Common Law can impact on Regulations, responsibilities of parties, litigations in cross-border activities , ie : The Statutes’ level of detail of activities, nature of subjects , higher in Common Law The limit of “contractual autonomy” of parties (Civil Law) in Common Law jurisdictions The limit of the Civil Law “good faith” when in Common Law jurisdictions Contracts litigation & arbitration clauses , choice of the reference Fora What above is relevant when payments involves the activities of several parties (processors, clearing infrastructures, “big data” , internet enablers, etc) , based in EU, UK (and US) along the payment chain Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
Brexit : preparatory steps The Brexit process, terms of exit, timing need to be closely monitored In the interim period some preparatory activities can be considered Focus on Business models , whether “money” (License) or “non-money” Review of Company’s Statutes, in a cross Common Law- Civil Law perspective Review of contracts with third parties, their contents, litigation clauses “ “ Consider registration of Patents on proprietory services (eg: Info, tech, APIs) Separate focus on existing money handling activities vs new Fintech Ugo Bechis
e-Payments & SEPA Advisor Ugo Bechis e-Payments & SEPA Advisor ugo.bechis@gmail.com Ugo Bechis