The EU Regulations on payments


1 The EU Regulations on payments: Impacts - Options - Customer ownership
Prepaid Summit Europe VISA Timetric - Milano
E-Payment & SEPA Adviser
2010 Colt Telecom Group Limited. All rights reserved.

2 Payments within EU Regulations
- Payment development drivers: integration into the (e-)Commerce cycle - P2P - Fintechs access to payments
- Cases: Big Social, E-Comm players, the Wallet entry point
- Non-money vs Money roles: access, data intelligence, ownership via ID
- Regulatory angle: EU PSD.2 RTS and the Regulatory Package
- Options: payment business models; success factors
- Brexit: a first focus - preparatory steps

3 Payments development drivers: different activities
1) (e)commerce driven > non-money
   - Convergence of in-Store and in-App
   - Attract / retain / sell & pay (geo-location, loyalty, one click button)
   => Wallet Apps bundle buy & pay functions
2) P2P near-instant (card/non-card) > money
   - via Mobile; leverage on social features
   - instant card-to-card / account-to-account
   => Mobile Apps bundling social + payment
3) Big Social access customer capture > money > non-money
   - Access ID; behavioural data, proactive
Ugo Bechis

4 1) e-Commerce scope: to sell & be paid
=> No-friction purchase process: intuitive, easy, quick
- Conversion rate: 62 % (paying buyers vs e-cart check-out)
- Types of payment accepted: 6.8 (avg no. of payment instruments)
- Checkout time: 134 (avg seconds from cart checkout to payment)
- Click time (ex 2014: 12): 8,5 (avg seconds from one click to next one)
=> every - 10 lower checkout time = + 2% conversion rate > sales
Source: pymnts.com BlueSnap - Top 70% US e-Comm (650 e-Retail websites)

5 2) Payment options driver: P2P «near-instant»
How the Dutch pay online: mainly with iDEAL!.. - The PayPers - Friday 16 September 2016

6 3) Capture at customer access: Big Social - ID & data
[Diagram labels: Buyer, Seller, PSP App, Online platform, Pay app, Various SPs, Pay platform, Online Bank]

7 3) Capture at payment access: open wallet (case: PayPal)
PayPal - Open Platform gateway strategy
- PayPal branded or white label wallet (Dan Schulman)
  PayDiant: Apps to tailor wallets to payers or merchants
  Braintree: open agnostic wallet (SCT, cards, loyalty)
  Venmo: Mobile P2P (PayPal instrument)
  One Touch tech: shopping cart - one click Buy&Pay
=> Takeaways
  - Open wallet to (all) TP payment instruments
  - Tailored Apps to payers' or merchants' needs
  - Wallet: checkout (VISA/MC) & loyalty services

8 3) A digital access gateway: the Wallet

9 EU response: the Regulatory package (Highlights)
Columns: Regulatory Act / What / Market Impact

PSD.II (EP )
  What: TPP (access agents); TP Info Providers; Secure authentication; Security TPP-ASPSP; TPP-to-Bank protocol
  Market Impact: Access role open to any TPP; Banks multi-account info at TPP; Payer Credentials security; Secure ID PSP-to-PSP; Standard TPP APP interfaces

e-ID & Trusted Serv. Reg. (EP ; Implementing Acts due by 2016)
  What: e-Identity EU legal validity; e-ID Schemes; Role of Trusted party; Time stamping; Contents encryption
  Market Impact: Secure distant Identification; Third party Trustee role; Third party guaranty on time & contents between two parties

ECB - EBA Authority - e-Payments Security Guidelines
  What: Two-factor strong authentication; 1 credential entitled to all payment services; Separate channels: Trx, Info
  Market Impact: 1 dynamic factor needed; 1 credential for all instrument, not limited to one only (a card); TP can handle wallet credentials multi-instruments, multi-bank

EBA Authority - TPP-to-Bank protocol
  TPP-to-Banks standard protocols and data set; Bank must give consent (PSD.2); Bank APIs open to TP APPs

Ugo Bechis

10 New EU Regulations: impacts on customer relationship
1) e-ID Reg: Identification by entry gateway as key to customer ownership
   (re: Dutch, Swedish Bank-ID for access to PA via Banks HB)
   (eg: mobile public e-ID bundled with payment credentials)
2) ECB-EBA: e-Payment security - one credential
   > choice of instrument at wallet, routed to Banks
3) PSD.2: TPP Apps to be granted access to Banks
   > Banks/PI can play a TPP role vs other PSPs
4) PSD.2: Info/data consolidated by TPP agent

11 PSD.2 TPPs: Key points - impacts (highlights)
- TPP - Third Party Payment Service providers: 3 categories
1) PISP - Payment Initiation Service Providers: initiating a payment order at an account with another PSP, without handling the funds, whether or not there is any contractual arrangement between PSP and payer's ASP
2) AISP - Account Information Service Providers: on the basis of customer's consent to AISP, provide and consolidate information on transactions from a user's payment account(s), whether or not there is a contractual arrangement between the AISP and the user's ASP (the Bank).
3) Issuing of Payment Instruments (new definition): to provide payment instruments to initiate and process payer's payment transactions. A broader concept of payment instrument, eg a service (wallet) with two/more payment brands / applications on the same payment instrument (ref to co-badging)
Notes
- Banks must grant TPPs access to payment account information (i.e., via open APIs) on an objective, non-discriminatory, proportionate basis, where explicit consent of user; access must be extensive enough in an unhindered and efficient manner.
- A checkout service (eg wallet) where Payment options are offered is a payment instrument issuer (as opposed to the issuer of each of the available payment methods).

12 The EBA Authority PSD.2 RTS (Public consultation )
EBA RTS highlights
- Banks to define their interfaces via APIs documented, available on websites
- Payment security & authentication up to Banks also when initiation via TPP
  TPP authentication only on basis of prior contract customer-bank (ASPSP)
- Strong dynamic authentication; exemptions: c-less card < 50, CNP < 10
- Prevention, detection, real-time block of fraud trx before final authorisation
- Banks must provide AIS TPP accounts, trx info; not sensitive data (personal)
- eIDAS PKI certificates (ETSI) for ASPSPs-AISPs-PISPs mutual authentication
- Card Acquiring PSP to support payer's PSP strong authentication for all trx

13 The Customer ownership: Key workflow steps
Columns: Work flow steps & roles / EU Regulatory Acts
a) Entry step device authentication (PC, Tablet, Phone / Mobile HW, card)
   EU Regulatory Acts: ECB-EBA e-Payment Security; PSD.2 / e-IDAS
b) Wallet owner (Physical/Mobile/Cloud)
   EU Regulatory Acts: PSD.2 / ECB-EBA e-Paym Security
c) ID + access Credentials to Wallet/Instruments (e-ID + biometric > Token > two factor credentials)
   EU Regulatory Acts: e-IDAS / PSD.2 / Data Protection
d) Payment acceptance authentication
   EU Regulatory Acts: PSD.2 RTS / e-Payment Security
e) Account holder / payment data intelligence
   EU Regulatory Acts: PSD.2 / Data Protection Reg

14 Access steps and Technical Standards: ISO +
Columns: Access steps / Standard Tech Specifications
1) Physical entry device (EMV Card, Phone SIM, PC, Mobile HW)
   Standard Tech Specifications: ISO (payment) - ETSI (Telcos)
2) Hosting wallet (Mobile/Cloud), ID
   Standard Tech Specifications: ISO - ETSI - W3C *
3) POS/ATM >< Card/Mobile initiation (Two Factor >< Token >< Biometric credentials)
   Standard Tech Specifications: ISO - ETSI
4) e-Comm >< e-Payment initiation
   Standard Tech Specifications: ISO - ETSI - W3C * - FIDO *
5) Payment authorization for cards
   Standard Tech Specifications: ISO
6) Payment clearing & settlement mes
   Standard Tech Specifications: ISO
* W3C Org and FIDO define overall web process standards

15 Credit Agricole App Store: TP APPs
Principles
- Co-development of Apps by third party / start-up on customers' desires
- Limited CA effort / open API

16 PSD.2 RTS: TPP access to banks via open APIs
=> Banks' open APIs require legacy IT architecture processes and security
=> TP APPs need a process for testing, secure structured delivery, anti-hacking
Ugo Bechis

17 PSD.2: Business & Economic Impacts
- The access player (ID + payment credentials) owns the customer
- Business models will require Bank-to-TPP Fee & Brand Policy
  Wallet owners claim broker fees to host payment instruments (eg: rebates to Google wallet, to ApplePay from card Issuers)
  Policy on Banks vs TPP Brand / co-Brand visibility
- Payment instruments multi source pricing, non 4-corner
  Pre-paid instruments internal account average float
  P2P card-to-card / account-to-account non-IF payment fees
- Focus on net profitability, lower costs processing models
  Towards non-IF models: VISA & MC processing revenues up
- Bank-Merchants joint strategy: checkout, customer routing
- A Bank can be a TPP digital agent vs other banks

18 Brexit
"Brexit means Brexit" (Theresa May - PM, UK)
As regards but What is Brexit?
- Terms of exit
- Formal process
- Possible regulatory impacts in UK and EU
- Related impacts on activities of financial and payment enterprises

19 Brexit - Civil Law vs Common Law: a focus
=> The BIS-IOSCO CPMI Principles call for a sound legal basis (p.16) (contracts to be enforceable, risks transferred between the parties, other)
=> National legal systems and jurisdictions are built on basic legal principles, which can be different if they are based on Civil law (continental Europe +) or Common Law (UK, US +)

Key differences in Civil Law vs Common Law principles

Civil Law
- Codes provide the core of the law, exhaustively. Cases are a secondary source of law.
- Judges are not bound by previous cases; free to apply the law on general legal principles.
- Statutes provide no definitions, not read restrictively.
- Civil law systems are closed - every situation is governed by a limited number of general principles.
- Civil law contracts are based on the autonomy of free will - actual consent (a subjective standard) is required, but presumptions of facts are available to the judge.
- Good Faith in contracts - the obligor must perform his duty in good faith with regard to commercial practices.

Common Law
- Acts of Parliament can define or override the Common Law if they do so clearly, unambiguously - Parliament presumed not to interfere with Statutes
- Lower Courts are compelled to follow decisions laid down by the Higher Courts.
- Statutes very detailed with exceptions and their applications restricted to specific facts covered.
- Common law systems are open - new rules may be created or imported for new facts.
- Common law contracts are based on the reasonable expectations of the promise (an objective standard).
- There is no principle of good faith of general application.

Complimentary Note of Lloyds TSB Bank plc - February 1st, 2005 (excerpt of memo to UB)

20 Brexit - Civil Law vs Common Law: implications
The different assumptions at the base of Civil Law vs Common Law can impact on Regulations, responsibilities of parties, litigations in cross-border activities, ie:
- The Statutes level of detail of activities, nature of subjects, higher in Common Law
- The limit of contractual autonomy of parties (Civil Law) in Common Law jurisdictions
- The limit of the Civil Law good faith when in Common Law jurisdictions
- Contracts litigation & arbitration clauses, choice of the reference Fora
=> The above is relevant when payments involve the activities of several parties (processors, clearing infrastructures, big data, internet enablers, etc), based in EU, UK (and US) along the payment chain

21 Brexit: Impacts - preparatory steps
=> The Brexit process, terms of exit, timing to be closely monitored
=> In the interim period some preparatory activities are suggested
   a) Focus on Business models, whether money (License) or non-money
   b) Review of Company's Statutes, in a cross Common Law-Civil Law perspective
   c) Review of contracts with third parties, their contents, litigation clauses
   d) Consider registration of Patents on proprietary services (eg: Info, tech, APIs)
=> A Brexit scenario with UK out of the EU - impacts
   - Separately focus on existing money handling activities vs Fintech services
   - Prepaid P2P based on ICS products will be favoured in cross EU-UK payments
   - EU Money handling activities will require an EU License
   - Non-money services can be delivered from within or out of EU

22 e-Payments & SEPA Advisor
UB Adv - e-payment & SEPA Advisor
Via Cicognara, Milano - Italy
mob
ugo.bechis@gmail.com