Payment System Evolution – Open Banking
An open banking movement has emerged from the FinTech community’s ambition to secure a sizeable percentage of the payment economy. There is a belief in significant profits that can be secured from payments. The challenge is that payments are citizen facing and citizens behave in their own best interests. Interests that are not necessarily compatible with that of the FinTech community. Citizens typically resist change unless there is a compelling proposition. Merely offering technology is not sufficient.
Open Banking can and is delivering enhanced services by giving control to the Payee. The key question is, at what cost can the benefits of open banking be commercially justified?
Open banking comprises of two distinctly different aspects:
- Open Banking – Data
- Open Banking – Payments
For data, there are specific reasons for Open Banking including:
- Enabling account holders to share their data history with other financial institutions to determine if they can secure improved banking services. Particularly for those seeking a mortgage, or borrowing for other reasons such as a business venture.
- Businesses seek transaction history for customer profiling and developing marketing campaigns. In exchange for account holder openness, suitable rewards should be offered.
- This paper focuses on payments where it seems that regulators, particularly those responsible for a jurisdiction’s financial stability and inclusivity, have come under pressure from the FinTech sector and their investors. The FinTech community views payments as a fertile business sector where high financial returns on their investment can be achieved. Challenging financial institutions’ apparent dominant position is seen as a means to deliver high rewards.
This pressure from the FinTech sector has meant a considerable amount of effort and discussion, even leading to a Payment Service Directive (PSD2) being issued by the European Central Bank. As stated in The Revised Payment Services Directive (PSD2) and the Transition to Stronger Payment Security, MIP Online -218, March 2018:
“The main objectives of the PSD2 are (i) to contribute to a more integrated and efficient European payments market; (ii) to further level the playing field for payment service providers by including new players; (iii) to make payments safer and more secure; and (iv) to enhance protection for European consumers and businesses.” –The Revised Payment Services Directive (PSD2) and the Transition to Stronger Payment Security, MIP Online -218
In other words, the PSD2 supports innovation, competition, and the security of payment transactions as well as the protection of consumer data.
It will be interesting in the future to look back to see if these objectives are delivered.
UK Finance released a paper in October 2021 which covers various issues or challenges that Open Banking presents. These issues are likely to be common across jurisdictions. However, the paper fails to address why Open Banking payments are needed. The first sentence of the UK Finance makes a broad statement:
“There is a shared vision across the market – to see open banking payments offer greater choice to customers and merchants on how payments are made and received.” –The UK Finance
The paper goes on to say that Open Banking enables near real-time payments. However, isn’t this already what NRT, Faster, Instant, NPP etc. payment services are delivering today?
NRT payment systems generally support direct credits initiated by the account holder and request to pay (R2P). R2P is initiated by the payee (merchant/biller) and forwarded directly to the NRT system or through the payee’s ASPSP, (Account Servicing Payment Service Provider), commonly known as a financial institution or a bank. The suggestion is to insert PISPs into the payment process, supporting the payee. PISPs, (Payment Initiation Service Providers) generate the R2P and pass it off to the payer’s ASPSP. Like any FinTech driven initiative, we have a whole new set of acronyms.
An R2P may be covered by a mandate, (pre authorised, conditional R2P) set up by the payer and stored in a secured registry, either held by the payer’s ASPSP or centrally. Ad hoc or one-off payments not covered by a mandate are required to be individually authorised by the payer.
Mandates can cover recurring payments of both fixed and variable amounts, potentially covering irregular but repeat payments such as weekly supermarket shopping. The mandate would specify if the payment must be of a fixed amount or cannot exceed a maximum value. The frequency can also be defined, such as the number of payments per month. If R2P fails the mandate criteria, it should be forwarded to the payer for authorisation.
The communication with the payer must be through their ASPSP’s mobile or internet banking app. The payer should only communicate with the system through one entity, their ASPSP.
In their paper entitled “the Future Strategy for Open Banking Payments”, The UK Finance raised six issues and enablers in annex 2. These include:
- Customer Friction
- Merchant or Industry Issues
- Consumer Protection Issues
- Payment Certainty
- Fraud Issues
- Performance Issues
These points need to be understood and as in any implementation of an Open Banking-Payment system, must address each issue to deliver improvements to existing payment services.
The strategy paper failed to pull together all the various proposed parties into an integrated and robust payment system. The division of responsibility based on well thought out boundaries was not presented. The payee especially should not need to deal with multiple providers, especially PISPS organizations. This will raise friction and even trust in the system. This implies a network supporting interoperability by a centralised hub positioned as a component of the NRT platform is a requirement.
Potential of NRT Payments
In their article, Real-Time Payments: Everything You Need to Know, published on 23 March 2021, The Payments Journal, stated that FIS calculated 54 active NRT services in 2019. Today, the figure must have 70+ active services. NRT payment systems are replacing the outdated batch-driven ACH systems, but they also deliver the opportunity for other older payment services to be reformed, and new services to be introduced, providing opportunities for FinTech.
New methods of payment, as a generalisation, struggle to gain mass market acceptance. To gain traction, these methods must offer a compelling value proposition, with minimal friction and enhanced data features, as well as rapid settlement times. These factors will drive account holder conversion and NFC illustrates these points. It appealed to retailers because the time to make payments was reduced with some even reporting reductions of over 20%. This enabled a supermarket to reduce their cashers, although they have now moved to self-service. NFC also experienced a high take-up by customers during the COVID-19 epidemic as consumers’ direct contact with payment devices was eliminated.
So, what is the primary objective of Open Banking Payments? It is to replace the card payments with a more efficient retail payment service for card present and card, not present payments plus reoccurring payments. For domestic transactions, the challenge is relatively low compared to cross-border transactions. Card transactions are approved in near real-time and payers’ accounts are debited almost immediately, but payee account crediting is delayed. To address this issue, cards must move to faster settlement processing. The card processing model is now decades old and needs either a replacement or re-engineering to meet the demands of modern payment systems.
The reliance of billers and merchants on card payment systems may be a good starting point in analysing the current payment systems deficiencies.
- The period for card payment to be credited to the payee’s account in this era of expediency is an issue, especially for small businesses and sole traders who struggle to manage their cash flow. The card acceptance systems were developed primarily for the travel and entertainment market segment, and the processing model has only seen marginal changes with the introduction of computerisation. The card model was also developed to support a line of credit rather than purely being a charge card.
- With its popularity, what was originally called direct debits, (DD) is seen as payee centric. Banks also consider them to be a high-cost service in an age where the ‘self-service’ model is being endorsed to their account holders. The payers’ uptake of DD services is largely a result of certain categories of businesses insisting on the DD payment method, such as utility companies and finance providers.
The DD payment market share of transactions usually accounts for 8-14% of the total consumer payments, with the UK at the higher end of this range.
- Re-occurring payments, which are supported by the card networks are fundamentally no different to the payer than a DD. These payments also have reliability issues, especially if the card issuer blocks a card due to a potentially fraudulent transaction, unrelated to the payment, being detected. Furthermore, card expiry is also a disruptive process for both parties.
Will Open Banking – Payments adversely impact banks? No.
Banks have progressively moved away from a hands-on approach to payments. They have progressively moved their account holders to become more involved in the payment process with the introduction of Internet and Mobile Banking. Technology has allowed them to promote a customer self-service model. In developed markets, retail banking branch networks are shrinking, and ATM networks are declining rather than expanding. In some countries, banks have even sold out their ATM and POS networks, including the sale of switches. Visa and MasterCard are no longer just an association of banks, having been incorporated and listed for nearly two decades.
Open Banking and NRT Scenarios
Open Banking-Payments is introducing additional processing organizations, such as PISPs, into the payment transaction flow. These will be positioned between the Payee and their ASPSP (financial institution) with the prime purpose of initiating and managing the real-time payment or RTP messaging. These organizations will add cost, reduce the efficiency level, and introduce new points of potential failure.
Although there is no significant security issue with RTPs, the integrity of the process is still important. RTP messages need to be sent to the correct recipient and the payee data within the message must be protected using an encryption method such as PKI.
A key assumption is that banks will continue to be responsible for the authentication of their account holders and authorising access to their accounts. They are the gatekeepers, but it does not necessarily imply that an account holder cannot nominate a third party as having the authority to initiate money transfers and payment transactions from their account. A mandate associated with direct debit is, in fact, the account holder allowing a third-party conditional authority to debit their account. However, it is unrealistic to expect account holders to grant unconditional access to a PISP or any other organization.
The following diagram illustrates the standard generic NRT payment system. It should be noted that not all deployments support a Faster Settlement System, (FSS) but this should be expected of any implementation undertaken recently or in the future.
Standard RTP Process
Enhanced NRT Payment Services – Introduces Open Bank
The widespread use of RTP highlights the need for PISPs. RTPs, as mentioned above, are not financial transactions and should not contain unencrypted data that compromises the NRT process. However, fraudsters could send random or unsolicited RTP messages which require a system to support a PISP registration and certification process.
As NRT payments are non-revocable, and payments are completed almost instantaneously, there needs to be a means to authenticate the PISP initiating the RTP through referencing the registrar and a security element to avoid fraudulent activities. Commercial entities, such as businesses that are regularly required to have RTP requests, should have the opportunity to register as a PISP. Business registration means providing account details, authorized personnel to initiate the request and RTP limits such as maximum value.
Mandate RTP Process
When initiating an RTP, the payee must provide an account number, mobile number, email address, and National ID and the request should contain sufficient detail to authenticate the sender as a legitimate payee so the payer can verify the RTP. If an RTP is supported by a mandate, then a verification must be supported by the payer’s ASPSP.
The RTP should be forwarded from the PISP to the payer’s ASPSP, and the payer must be notified of its arrival. Upon receipt of an RTP notification via their mobile or Internet banking app, the payer is required to respond to the request. The option to place a hold on an RTP should be available.
For the FinTech sector, there are opportunities to work with the ASPSPs and Central Banks to introduce new services as add-ons to NRT systems. These add-ons known as “overlays” in Australia, could be owned by Fintech businesses. Cross-border NRT payments are currently evolving quickly.
Author: Peter Goldfinch, Technical Director, Melbourne, Payments Consulting Network
Peter has 30 years of experience in the payments industry and has extensive business and technical knowledge. He has successfully completed assignments in over 50 markets, served as a System Architect for Smart Money in the Philippines and authored ‘A Global Guide to FINtech and Future Payments Trends.’
If you find this article helpful and would be interested in reading similar articles by our consulting team, please subscribe to our newsletter.
Are you interested in reading articles on a particular payments topic, company, payments industry executive or author? Click the search icon, it’s that magnifying glass on the top right-hand side of the website and type in the keywords that interest you. You will then be presented with a list of any articles that match your search criteria.