Context - Impacts - Options Payment within EU Regulations Context - Impacts - Options Running Payment Business ADVAPAY Webinar - 2016.11.07 Ugo Bechis E-Payment & SEPA Advisor © 2010 Colt Telecom Group Limited. All rights reserved.
Payments within EU Regulations Payment developments drivers : integration into the (e-)Commerce cycle P2P - Fintechs’ access to payments Cases : Big Social, E-Comm players , the Wallet entry point “Non-money vs Money” roles : access, data intelligence, ownership via ID Regulatory angle : EU PSD.2 RTS and the Regulatory Package Options : payment business models ; success factors Ugo Bechis
SEPA - EU Authorities : Policy objectives , principles An orderly and competitive playing field in EU (also ref. to non-EU players) Access to Bank payments by non-bank subjects , within a regulated frame Interoperability of Payment Instruments troughout EU Open access : no contractual/ technical barriers for any player Lower prices : card MIF fase out , more efficiency , lower costs Policy principles Beyond integrated “vertical” models (bank - channel - payment - customer) “Horizontal” approach : channel to be neutral to banks’ access, also by TP Common rules : independent from type of payment , channel ownership Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
Payments development drivers : different activities 1) (e)Commerce driven : > “non-money” Convergence of in-Store and in-App Attract / retain / sell & pay (geo-location, loyalty, “one click” button) Wallet App.s bundle buy & pay functions 2) P2P ”near-instant” (card/non-card) > “money” via Mobile ; leverage on “social” features “instant” card-to-card/ account-to-account Mobile Apps bundling social + payment “Big Social” access customer capture Access ID ; behavioural data , proactive > “money” > “non-money” Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
1) e-Commerce scope : to sell & be paid No-friction purchase process : intuitive , easy , quick Conversion rate : 62 % (paying buyers vs e-cart check-out) Types of paym accepted : 6.8 (avg no. of payment instruments) Checkout time : 134” (avg seconds from cart checkout to paym) “click” time (ex 2014 : 12”) : 8,5” (avg seconds from one click to next one) every - 10” lower checkout time = + 2% conversion rate > sales Ugo Bechis source : pymnts.com 04.12.2015 - BlueSnap - Top 70% US e-Comm (650 e-Retail websites) © 2010 Colt Telecom Group Limited. All rights reserved.
How the Dutch pay online: mainly with iDEAL! 2) Payment options driver : P2P «near-instant» How the Dutch pay online: mainly with iDEAL! .. Ugo Bechis - The PayPers - Friday 16 September 2016
3) Capture at customer access : Big Social - ID & data Online Bank Seller Buyer Online platform App Pay app PSP Pay platform Various SPs Pay app Ugo Bechis
3) Capture at payment access : open wallet (case : PayPal) PayPal - Open Platform gateway strategy PayPal branded or white label wallet (Dan Schulman) PayDiant : Apps to tailor wallets to payers or merchants Braintree : open “agnostic” wallet (SCT, cards, loyalty) Venmo : Mobile P2P (PayPal instrument) One Touch tech : shopping cart - one click “Buy&Pay” Take aways Open wallet to (all) TP payment instruments Tailored App.s to payers or merchants needs Wallet : “checkout” (VISA/MC) & loyalty services Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
3) A digital access gateway : the Wallet Ugo Bechis
EU response : the Regulatory package (Highlights) Regulatory Act What Market Impact PSD.II (EP 08.10.2015) TPP (“access agents”) TP Info Providers Secure authentication Security TPP-ASPSP TPP-to-Bank protocol Access role open to any TPP Banks multi-account info at TPP Payer Credentials security Secure ID PSP-to-PSP Standard TPP APP interfaces e-ID & Trusted Serv. Reg. (EP 08.2014 ; Implementing Acts due by 2016) e-Identity EU legal validity e-ID Schemes Role of Trusted party Time stamping Contents encryption Secure distant Identification Third party Trustee role Thrid party guaranty on time & contents between two parties ECB - EBA Authority - e-Payments Security Guidelines EBA Authority - TPP-to-Bank protocol Two-factor “strong” authentication 1 credential entitled to all payment services Separate channels: Trx, Info TPP-to-Banks standard protocols and data set 1 “dynamic” factor needed 1 credential for all instrument, not limited to one only (a card) TP can handle wallet credentials multi-instruments, multi-bank Bank must give consent (PSD.2) Bank APIs open to TP APPs Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
New EU Regulations : impacts on customer relationship e-ID Reg : Identification by entry gateway as key to customer ownership (re: Dutch, Sweedish Bank-ID for access to PA via Banks HB) (eg: mobile public e-ID bundled with payment credentials) 2) ECB-EBA : e-Payment security - one credential > > > choice of instrument at wallet , routed to Banks > 3) PSD.2 : TPP App.s to be granted access to Banks > Banks/PI can play a TPP role vs other PSPs > 4) PSD.2 : Info/data consolidated by TPP “agent” © 2010 Colt Telecom Group Limited. All rights reserved. Ugo Bechis
PSD.2 TPPs : Key points - impacts (highlights) TPP - Third Party Payment Service providers : 3 categories PISP - Payment Initiation Service Providers : initiating a payment order at an count with another PSP, without handling the funds whether or not there is any contractual arrangement between PSP and payer’s ASP AISP - Account Information Service Providers : on the basis of customer’s consent to AISP, provide and consolidate information on transactions from a user’s payment account(s), whether or not there is a contractual arrangement between the “AISP” and the user’s ASP (the Bank). Issuing of Payment Instruments (new definition) : “to provide payment instruments to initiate and process payer’s payment transactions”. A broader concept of “payment instrument”, eg a service (wallet) with two/more payment brands / applications on the same payment instrument (ref to “co-badging”) Notes Banks must grant TPPs access to payment account information (i.e., via open APIs) on an “objective, non-discriminatory, proportionate basis”, where explicit consent of user; access must be “extensive enough” in a “unhindered and efficient manner”. A checkout service (eg wallet) where Payment options are offered is a “payment instrument issuer”. (as opposed to the issuer of each of the available payment methods) Ugo Bechis
The EBA Authority PSD.2 RTS (Public consultation - 12.08.2016) EBA RTS highlights Banks to define their interfaces via APIs documented, available on websites Payment security & authentication up to Banks also when initiation via TPP TPP authentication only on basis of prior contract customer-bank (ASPSP) Strong dynamic authentication ; exemptions : c-less card < €50 , CNP < €10 Prevention, detection, real-time block of fraud trx before final authorisation Banks must provide AIS TPP accounts, trx info ; not sensitive data (personal) eIDAS PKI certificates (ETSI) for ASPSPs-AISPs-PISPs mutual authentication Card Acquiring PSP to support payer’s PSP strong authentication for all trx Ugo Bechis
Customer ownership : Key steps , Regulatory references Work flow steps & roles EU Regulatory Acts Entry step device authentication ECB-EBA e-Payment Security ( PC , Tablet , Phone / Mobile HW , card ) PSD.2 / e-IDAS Wallet “owner” (Phisical/Mobile/Cloud) PSD.2 / ECB-EBA e-Paym Security ID+access Credentials to Wallet/Instruments e-IDAS / PSD.2 / Data Protection ( e-ID + biometric > Token > two factor credentials) Payment acceptance authentication PSD.2 RTS / e-Payment Security Account holder / payment data intelligence PSD.2 / Data Protection Reg. Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
Access steps and Technical Standards : ISO + … Access steps Standard Tech Specifications Physical entry device ISO (payment) - ETSI (Telcos) (EMV Card , Phone SIM , PC , Mobile HW) Hosting wallet (Mobile/Cloud) , ID ISO - ETSI - W3C * POS/ATM > < Card/Mobile initiation ISO - ETSI (Two Factor >< Token >< Biometric credentials) 4) e-Comm > < e-Payment initiation ISO - ETSI - W3C * - FIDO * 5) Payment authorization for cards ISO 8583 Payment clearing & settlement mes ISO 20022 * W3C Org and FIDO define overall web process standards Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
Credit Agricole App Store Principles Co-development of App.s by third party / start-up on customers desires Limited CA effort / open API https://www.creditagricolestore.fr/ https://www.youtube.com/watch?v=z59Buqw7DiI&feature=youtube_gdata Ugo Bechis
PSD.2 RTS : TPP access to banks via “open API.s” > > > Banks “open API.s” require legacy IT architecture processess and security TP APP.s need a process for testing, secure structured delivery, anti-hacking < Ugo Bechis
PSD.2 : Business & Economic Impacts The access player (ID + paym credentials) “owns” the customer Business models will require Bank-to-TPP Fee & Brand Policy Wallet owners claim “broker fees” to host paym instruments (eg: rebates to Google wallet, to ApplePay from card Issuers) Policy on Banks vs TPP Brand / co-Brand visibility Paym instruments multi source pricing , non 4-corner Pre-paid instruments “internal account” average float P2P card-to-card / account-to-account non-IF payment fees Focus on net profitability , lower costs processing models Towards non-IF models : VISA & MC processing revenues up Bank-Merchants joint strategy: checkout, customer routing A Bank can be a TPP digital agent vs other banks Ugo Bechis © 2010 Colt Telecom Group Limited. All rights reserved.
e-Payments & SEPA Advisor Ugo Bechis e-Payments & SEPA Advisor ugo.bechis@gmail.com Ugo Bechis