We now know that the date for the final implementation of PSD2 – the imposition of Strong Customer Authentication on remote access to accounts – is Friday 13th September 2019. But unless work starts soon on creating a proper payment system on the back of the new APIs, it’s a date that’s likely to be unlucky for the EU’s attempts to create an alternative to existing card payment networks.
At the heart of PSD2 are the new APIs allowing account access and the ability to initiate a payment direct to a payment account. Although these are good things, they’re the mere outline of a proper payment system, a set of enablers that would allow the creation of a genuine alternative to card payments. The focus on APIs has really been missing the point – PSD2 only puts in place the mechanisms to allow payments, but it’s far from a complete solution. With the efforts so far mainly concentrating on complying with the regulations the wider picture is being missed.
Firstly, PSD2 as it stands today comprehensively fails to offer interoperability. Card payment networks came into being to allow any merchant’s bank to be connected to any consumer’s bank and the fact that this works globally is a modern, and vastly underappreciated, miracle. To make this happen Visa and Mastercard created standards and imposed rules to ensure that these standards were met. In contrast PSD2 merely mandates that banks create APIs – and worthy though the efforts of groups such as the OBWG in the UK and the pan-European Berlin Group are, the fact remains that there is likely to be a proliferation of interfaces making the task of intermediaries almost impossible, at least in the near term.
On the face of it, it rather looks like PSD2 will be implemented as a set of small world networks with – at least initially – no connection between them. As it stands full interoperability is going to take a long time to achieve, if it ever happens at all.
Beyond this there are major functions missing. Payment guarantees, for instance – what certainty has the merchant got that a payment will be honoured? Nor is there any obvious process for managing refunds or disputes – we know that the consumer’s rights are paramount, but in a fully functioning payment system the rules and arbitration around these processes are well understood.
And then there’s settlement. In theory, using credit transfer (ACH or, in the UK, Faster Payments) merchants can receive their funds much more quickly than they do today. But how is a merchant going to handle the flow of funds without an understood settlement process – is the benefit of receiving funds more quickly outweighed by the increase in processing that they need to support?
Under these circumstances it seems unlikely that many consumers or merchants will be flocking to use PSD2 come Friday 13th September 2019. However, we at Consult Hyperion think there’s at least one use case that looks interesting – the return of the store card. While it’s unlikely a consumer will open up access to their bank accounts to any random merchant, we can easily imagine them doing so with their trusted retailers – John Lewis or Amazon or whoever. Trust is the key factor, and if consumers trust a brand they’re more likely to open up access and allow those entities access to a rich seam of new data.
Implementing a payment scheme on mobile devices for individual brands in individual countries is much less of an issue than the widescale implementation of an interoperable payment scheme and the outstanding problems around settlement, payment guarantees, disputes and interoperability then shrink to manageable proportions. The lucky retailers see significant reductions in the cost of payments and enhanced customer loyalty if they manage the processes well. The existing card payment schemes see profitable niches of their business picked off.
Clearly this wasn’t the original intention of PSD2 XS2A, but at least to start with, we think it’s the most likely outcome. Card payment systems can’t rest on their laurels because even if only a few headline retailers can make a success of that it will open the doors to others. In the meantime, however, the trusty credit card is likely to remain in peoples’ wallets for some time to come.
About Tim Richards
Tim manages Consult Hyperion’s digital payments practice where he has specific responsibility for digital payments, open banking and tokenisation projects. He has worked on PSD2 and open banking projects for issuers, acquirers, international payments schemes, fraud solution providers and fintech companies and was specified tokenisation solutions for major industry players. Tim has 30 years’ experience in secure processing systems having worked in the payments, transit and digital identity sectors on solutions as diverse as transit ticketing key management, HCE and mobile payments, ICAO e-passports and travel cards, remote management of multi-application smart cards and, of course, EMV.
About Consult Hyperion
Consult Hyperion is an independent strategic and technical consultancy, based in the UK and US, specialising in secure electronic transactions. We help organisations around the world exploit new technologies to secure electronic payments and identity transaction services. From mobile payments and chip & PIN, to contactless ticketing and smart identity cards, we deliver value to our clients by supporting them in delivering their strategy. We define, develop, design and deliver.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now