- Number of slides: 22
Payment within EU Regulations
Context - Impacts - Options
Running Payment Business - ADVAPAY 2016.10.28-29
Ugo Bechis, E-Payment & SEPA Advisor
© 2010 Colt Telecom Group Limited. All rights reserved.

Payments within EU Regulations
- Payment development drivers: integration into the (e-)Commerce cycle; P2P - Fintechs’ access to payments
- Cases: Big Social, E-Comm players, the Wallet entry point
- “Non-money vs Money” roles: access, data intelligence, ownership via ID
- Regulatory angle: EU PSD2 RTS and the Regulatory Package
- Options: payment business models; success factors
- Brexit: a first focus - preparatory steps

SEPA - EU Authorities: Policy objectives, principles
Policy objectives
- An orderly and competitive playing field in EU (also ref. to non-EU players)
- Access to Bank payments by non-bank subjects, within a regulated frame
- Interoperability of Payment Instruments throughout EU
- Open access: no contractual/technical barriers for any player
- Lower prices: card MIF phase out, more efficiency, lower costs
Policy principles
- Beyond integrated “vertical” models (bank - channel - payment - customer)
- “Horizontal” approach: channel to be neutral to banks’ access, also by TP
- Common rules: independent from type of payment, channel ownership

Payments development drivers: different activities
1) (e)Commerce driven > “non-money”
- Convergence of in-Store and in-App
- Attract / retain / sell & pay (geo-location, loyalty, “one click” button)
- Wallet Apps bundle buy & pay functions
2) P2P “near-instant” (card/non-card) > “money”
- via Mobile; leverage on “social” features
- “instant” card-to-card / account-to-account
- Mobile Apps bundling social + payment
3) “Big Social” access customer capture > “money” > “non-money”
- Access ID; behavioural data, proactive

1) e-Commerce scope: to sell & be paid
- No-friction purchase process: intuitive, easy, quick
- Conversion rate: 62 % (paying buyers vs e-cart check-out)
- Types of paym accepted: 6.8 (avg no. of payment instruments)
- Checkout time: 134” (avg seconds from cart checkout to paym)
- “click” time (ex 2014: 12”): 8,5” (avg seconds from one click to next one)
- every -10” lower checkout time = +2% conversion rate > sales
Source: pymnts.com 04.12.2015 - BlueSnap - Top 70% US e-Comm (650 e-Retail websites)

2) Payment options driver: P2P «near-instant»
How the Dutch pay online: mainly with iDEAL!.. - The Paypers - Friday 16 September 2016

3) Capture at customer access: Big Social - ID & data
[Diagram: Buyer, Seller, PSP App, Pay app, Online platform, Various SPs, Pay platform, Online Bank]

3) Capture at payment access: open wallet (case: PayPal)
PayPal - Open Platform gateway strategy
- PayPal branded or white label wallet (Dan Schulman)
  - Paydiant: Apps to tailor wallets to payers or merchants
  - Braintree: open “agnostic” wallet (SCT, cards, loyalty)
  - Venmo: Mobile P2P (PayPal instrument)
  - One Touch tech: shopping cart - one click “Buy&Pay”
- Takeaways
  - Open wallet to (all) TP payment instruments
  - Tailored Apps to payers or merchants needs
  - Wallet: “checkout” (VISA/MC) & loyalty services

3) A digital access gateway: the Wallet
EU response: the Regulatory package (Highlights)
Columns: Regulatory Act | What | Market Impact

PSD II (EP 08.10.2015)
- What: TPP (“access agents”); TP Info Providers; Secure authentication; Security TPP-ASPSP; TPP-to-Bank protocol
- Market impact: Access role open to any TPP; Banks multi-account info at TPP; Payer Credentials security; Secure ID PSP-to-PSP; Standard TPP APP interfaces

e-ID & Trusted Serv. Reg. (EP 08.2014; Implementing Acts due by 2016)
- What: e-Identity EU legal validity; e-ID Schemes; Role of Trusted party; Time stamping; Contents encryption
- Market impact: Secure distant Identification; Third party Trustee role; Third party guaranty on time & contents between two parties

ECB - EBA Authority - e-Payments Security Guidelines; EBA Authority - TPP-to-Bank protocol
- What: Two-factor “strong” authentication; 1 credential entitled to all payment services; Separate channels: Trx, Info; TPP-to-Banks standard protocols and data set
- Market impact: 1 “dynamic” factor needed; 1 credential for all instrument, not limited to one only (a card); TP can handle wallet credentials multi-instruments, multi-bank; Bank must give consent (PSD2); Bank APIs open to TP APPs

New EU Regulations: impacts on customer relationship
1) e-ID Reg: Identification by entry gateway as key to customer ownership (re: Dutch, Swedish Bank-ID for access to PA via Banks HB) (eg: mobile public e-ID bundled with payment credentials)
2) ECB-EBA: e-Payment security - one credential
   > choice of instrument at wallet, routed to Banks
3) PSD2: TPP Apps to be granted access to Banks
   > Banks/PI can play a TPP role vs other PSPs
4) PSD2: Info/data consolidated by TPP “agent”

PSD2 TPPs: Key points - impacts (highlights)
TPP - Third Party Payment Service providers: 3 categories
1) PISP - Payment Initiation Service Providers: initiating a payment order at an account with another PSP, without handling the funds, whether or not there is any contractual arrangement between PSP and payer’s ASP
2) AISP - Account Information Service Providers: on the basis of customer’s consent to AISP, provide and consolidate information on transactions from a user’s payment account(s), whether or not there is a contractual arrangement between the “AISP” and the user’s ASP (the Bank).
3) Issuing of Payment Instruments (new definition): “to provide payment instruments to initiate and process payer’s payment transactions”. A broader concept of “payment instrument”, eg a service (wallet) with two/more payment brands / applications on the same payment instrument (ref to “co-badging”)
Notes
- Banks must grant TPPs access to payment account information (i.e., via open APIs) on an “objective, non-discriminatory, proportionate basis”, where explicit consent of user; access must be “extensive enough” in an “unhindered and efficient manner”.
- A checkout service (eg wallet) where Payment options are offered is a “payment instrument issuer” (as opposed to the issuer of each of the available payment methods).

The EBA Authority PSD2 RTS (Public consultation - 12.08.2016)
EBA RTS highlights
- Banks to define their interfaces via APIs documented, available on websites
- Payment security & authentication up to Banks also when initiation via TPP; authentication only on basis of prior contract customer-bank (ASPSP)
- Strong dynamic authentication; exemptions: c-less card < € 50, CNP < € 10
- Prevention, detection, real-time block of fraud trx before final authorisation
- Banks must provide AIS TPP accounts, trx info; not sensitive data (personal)
- eIDAS PKI certificates (ETSI) for ASPSPs-AISPs-PISPs mutual authentication
- Card Acquiring PSP to support payer’s PSP strong authentication for all trx

Customer ownership: Key steps, Regulatory references
Work flow steps & roles | EU Regulatory Acts
a) Entry step device authentication (PC, Tablet, Phone / Mobile HW, card) | ECB-EBA e-Payment Security; PSD2 / e-IDAS
b) Wallet “owner” (Physical/Mobile/Cloud) | PSD2 / ECB-EBA e-Paym Security
c) ID+access Credentials to Wallet/Instruments (e-ID + biometric > Token > two factor credentials) | e-IDAS / PSD2 / Data Protection
d) Payment acceptance authentication | PSD2 RTS / e-Payment Security
e) Account holder / payment data intelligence | PSD2 / Data Protection Reg.

Access steps and Technical Standards: ISO + …
Access steps | Standard Tech Specifications
1) Physical entry device (EMV Card, Phone SIM, PC, Mobile HW) | ISO (payment) - ETSI (Telcos)
2) Hosting wallet (Mobile/Cloud), ID | ISO - ETSI - W3C *
3) POS/ATM >< Card/Mobile initiation (Two Factor >< Token >< Biometric credentials) | ISO - ETSI
4) e-Comm >< e-Payment initiation | ISO - ETSI - W3C * - FIDO *
5) Payment authorization for cards | ISO 8583
6) Payment clearing & settlement mes | ISO 20022
* W3C Org and FIDO define overall web process standards

Credit Agricole App Store
Principles
- Co-development of Apps by third party / start-up
- on customers desires
- Limited CA effort / open API
https://www.creditagricolestore.fr/
https://www.youtube.com/watch?v=z59Buqw7DiI&feature=youtube_gdata

PSD2 RTS: TPP access to banks via “open APIs”
- Banks “open APIs” require legacy IT architecture processes and security
- TP APPs need a process for testing, secure structured delivery, anti-hacking

PSD2: Business & Economic Impacts
- The access player (ID + paym credentials) “owns” the customer
- Business models will require Bank-to-TPP Fee & Brand Policy
  - Wallet owners claim “broker fees” to host paym instruments (eg: rebates to Google wallet, to Apple Pay from card Issuers)
  - Policy on Banks vs TPP Brand / co-Brand visibility
- Paym instruments multi source pricing, non 4-corner
  - Pre-paid instruments “internal account” average float
  - P2P card-to-card / account-to-account non-IF payment fees
  - Focus on net profitability, lower costs processing models
- Towards non-IF models: VISA & MC processing revenues up
- Bank-Merchants joint strategy: checkout, customer routing
- A Bank can be a TPP digital agent vs other banks

Brexit - Civil Law vs Common Law: a focus
- The BIS-IOSCO CPMI Principles call for a sound legal basis (p. 16) (contracts to be enforceable, risks transferred between the parties, other)
- National legal systems and jurisdictions are built on basic legal principles, which can be different if they are based on Civil law (continental Europe +) or Common Law (UK, US +)
Key differences in Civil Law vs Common Law principles
- Civil Law: Codes provide the core of the law, exhaustively. Cases are a secondary source of law.
  Common Law: Acts of Parliament can define or override the Common Law if they do so clearly, unambiguously; Parliament presumed not to interfere with Statutes
- Civil Law: Judges are not bound by previous cases; free to apply the law on general legal principles.
  Common Law: Lower Courts are compelled to follow decisions laid down by the Higher Courts.
- Civil Law: Statutes provide no definitions, not read restrictively.
  Common Law: Statutes very detailed with exceptions and their applications restricted to specific facts covered.
- Civil Law: Civil law systems are ‘closed’ – every situation is governed by a limited number of general principles.
  Common Law: Common law systems are ‘open’ – new rules may be created or imported for new facts.
- Civil Law: Civil law contracts are based on the autonomy of free will – actual consent (a subjective standard) is required, but presumptions of facts are available to the judge.
  Common Law: Common law contracts are based on the reasonable expectations of the promise (an objective standard).
- Civil Law: Good Faith – in contracts the obligor must perform his duty in good faith with regard to commercial practices.
  Common Law: There is no principle of good faith of general application.
Source: Complimentary Note of Lloyds TSB Bank plc - February 1st, 2005 (excerpt of memo to UB)

Brexit - Civil Law vs Common Law: implications
The different assumptions at the base of Civil Law vs Common Law can impact on Regulations, responsibilities of parties, litigations in cross-border activities, ie:
- The Statutes’ level of detail of activities, nature of subjects, higher in Common Law
- The limit of “contractual autonomy” of parties (Civil Law) in Common Law jurisdictions
- The limit of the Civil Law “good faith” when in Common Law jurisdictions
- Contracts litigation & arbitration clauses, choice of the reference Fora
The above is relevant when payments involve the activities of several parties (processors, clearing infrastructures, “big data”, internet enablers, etc), based in EU, UK (and US) along the payment chain

Brexit: preparatory steps
- The Brexit process, terms of exit, timing need to be closely monitored
In the interim period some preparatory activities can be considered
a) Focus on Business models, whether “money” (License) or “non-money”
b) Review of Company’s Statutes, in a cross Common Law - Civil Law perspective
c) Review of contracts with third parties, their contents, litigation clauses “ “
d) Consider registration of Patents on proprietary services (eg: Info, tech, APIs)
e) Separate focus on existing money handling activities vs new Fintech

Ugo Bechis e-Payments & SEPA Advisor ugo. [email protected] com