In recent months, we’ve seen the payment industry’s innovation agenda take a significant step forward. After much work, the standardization initiatives, and regulatory and authentication frameworks, are at last coming together.
Spurred on by this, we are likely to see new players entering the payment value chain - not to mention the evolution of existing business models. It all heralds a dramatic change in the current financial services ecosystem.
With the foundations now in place, it’s time for the real work to begin – particularly if the tight implementation dates set by the regulatory bodies are to be met.
So, as banks embark on planning, designing and deploying innovative new online and mobile payment services, and developing new banking interfaces and authentication techniques, it is useful to take a step back – to see how we got here, what more needs to be done, and how the SPA can bring its considerable expertise to bear to help.
A key cornerstone for the move to ‘frictionless’ online payment is now in place. In October, EMVCo finally published its 3DS 2.0 Protocol and Core Functions Specification for app-based authentication and integration with digital wallets, as well as traditional browser-based e-commerce transactions. The principles rely on risk-based authentication, and the use of Strong Customer Authentication (SCA) only when required. However, this latter functionality must always be used to conform with the EBA Regulatory Technical Standard on SCA.
The landmark EMVCo specification provides a globally interoperable framework that will promote a consistent authentication user experience across all e- and m-commerce channels and connected devices. Reflecting current and future market requirements, the specification delivers the flexibility the payment industry needs to support new online authentication technology developments. But it must do so within the boundaries of the recent requirements set by the EBA.
For our part, SPA members will be on hand to provide advice, guidance and technical expertise every step of the way. SPA Members have been strongly involved in developing ISO standards to support the interoperability of new open payment infrastructures which are regulated under the European Parliament’s revised payments directive (PSD2). The challenging 2018 implementation deadline of new functional and security requirements is pushing banks to actively explore how to develop standard APIs. These APIs will enable Third Party Payment Providers (TPPs) to access information on bank-held payment accounts, a major breakthrough. Over the past few months the SPA has undertaken a detailed evaluation of a number of new European schemes within the SEPA framework, including Instant Credit Transfer Payments and Mobile P2P payments. As the payment market continues to evolve, SPA is committed to keeping its finger on the pulse of emerging innovations to ensure such payment mechanisms represent an appropriate yet complementary option to today’s proven secure card payment technologies and infrastructures.
Meanwhile, as a review of recent market data confirms, contactless card transactions continue to grow dramatically around the world. [See SPA's paper: Contactless Payment Benefits & Worldwide Deployments - Food for thought for US issuers - April 2016]. Despite this impressive growth, fraud levels on contactless cards and devices remains impressively low.
Indeed, consumer use of payment cards continues unabated. European Central Bank (ECB) statistics point to double-digit growth in card transactions compared to other payment instruments such as credit transfers, checks, direct debits and cash. This unstoppable move towards card adoption has been fuelled by the recent US migration to chip card technology, and completion of the long envisioned global EMV infrastructure.
The increasing acceptance of contactless cards and readers is paving the way for the adoption of mobile payments. Representing a vital first step in consumer and merchant education, familiarity with contactless payment is proving highly effective at preparing the way for user acceptance and take-up of “The Pay” options: Apple Pay, Samsung Pay and Android Pay.
SPA is teaming up with the financial industry to better understand the regulatory requirements in terms of customer authentication, and to anticipate the development of fit-for-purpose contactless payment products.
For example, in August the European Banking Authority (EBA) published its consultation paper on draft technical standards for strong customer authentication and common and secure communication for remote electronic payment transactions under the PSD2.
SPA has also been working with the European Card Stakeholders Group (ECSG)* to review the Payments Services Directive 2 (PSD2) compliance implications for banks and provided the EBA with a set of constructive comments to facilitate strong customer authentication implementation.
With the ‘new’ ECSG now an independent organisation, SPA as a Founding Member, is channelling its input through a very active participation in the Vendor sector of the organization.
The first priority for the ECSG has been to focus on the publication of the next release of the Volume Book of Requirements, which will take into account the new regulatory provisions for visual and electronic identification of co-branded payment cards.
Through its ECSG Board membership, SPA has also been heavily involved in management tasks; the creation of governance rules and frameworks for the new entity to ensure maximum levels of collaboration while protecting the intellectual property of vendors. SPA intends to continue to play its leadership role of the Vendors Sector of the ECSG and to actively push for innovation, while supporting appropriate standards that add value for banks and their customers.
As we move into 2017, regulations will continue to evolve as new ways to pay are developed and adopted. SPA is committed to ensuring that such regulations do not negatively impact on banks or over complicate the user experience.
Looking ahead at the major challenges facing our industry in 2017, one cannot ignore the complexities of this fast evolving environment. The crucial issues surrounding the roll-out of instant credit payment transfers, initiated with different personal devices, and the implementation of the interfaces required for the provision of Third Party Payment Providers according to the PSD2, must be effectively addressed. SPA will remain active in the standardization process of APIs, protocols and security architectures to protect all the actors involved in these new payment circuits.
Throughout 2016, much of the discussion centered on the financial industry real use cases for Blockchain and Distributed Ledger Technology (DLT). The challenge now, SPA believes, is to reach a broad consensus between banks and fintechs to solve existing operational problems. We must come together as an industry to build and implement the financial Blockchain solutions of the next decade. It’s a major task, and SPA will continue to monitor and contribute to those standardization initiatives intended to improve financial Blockchain interoperability and security.
In all, 2016 was a very successful year. Agreement of the various payment regulations and standards was long in coming. Now we are here, it’s time the real work started.
Smart Payment Association
* The European Cards Stakeholders Group (ECSG) is a multi-stakeholder association promoting card harmonisation in the Single Euro Payments Area (SEPA). The ECSG is made up of organisations from five sectors of the card payment chain: retailers/wholesale, vendors (card, payment devices, related IT systems), processors of card transactions, card schemes, and payment service providers. The ECSG is an international not-for-profit association. The objective of the ECSG is to contribute to making it possible for EU citizens to use their cards for payments and ATM withdrawals with the same ease and convenience throughout SEPA as in their own country, and to help remove technical, practical and commercial barriers to card harmonisation for the benefit of industry participants. It pursues this goal through the maintenance and evolution of the SEPA Cards Standardisation Volume (the Volume), a key document for the card industry defining guidelines for cards standardisation, interoperability and security in Europe. As a self-regulatory initiative, the ECSG also promotes conformance of the card industry to the Volume. The ECSG is not part of the EU institutional framework, yet its creation is supported by European Union institutions, which participate in its work as observers. www.e-csg.eu