MAG Insights

Announcements from the MAG & Featured Articles

International Perspective: European Payment Market – Regulation as a Catalyst to Drive Innovation? (MAG Quarterly- Volume Six, Issue Four)

foto_Robert Herzig_082013
By Robert Herzig, Director Customer Payments & Finance, Corporate Treasury, METRO

December 6, 2018

European market regulations for payment services and prices created a single Euro payments area with new players and services.  The transformation to strong customer authentication is bringing new challenges to the involved parties.

After the financial crisis in 2008 Europe and the whole world has seen a lot of new banking and financial market regulation.  In Europe the European Commission regulated the payment market in order to fulfill the common market for goods and services.

Over the last years the pressure on banks grew to create a single European payment area (SEPA), open the payment market for new players, and to lower the prices. So, huge progress towards a common payment market was made.  The European Union achieved these goals mainly with two regulations, the Payment Services Directive I (PSD I; 2007/64) and the regulation on interchange fees for card-based payment transactions (MIF; 2015/751).

The main results of these regulations were new European payment products for the Single European Payments Area (SEPA), the SEPA Credit Transfer (SCT), the SEPA Direct Debit (SDD) and a SEPA Card Framework (SCF). From a merchant and a consumer point of view, the SCT using the Inter Banking Account Number (IBAN) is working properly. Additionally, with regard to the technical standard, credit transfers have to have the same price for domestic or “Intra European” (from one country to another) transfers. SDD as well can be used for the whole Euro zone and is expanding to some countries which didn´t use Direct Debits in times before SEPA.

With respect to the SCF, we see mainly technical results without a real European card scheme or even the interoperability between national payment schemes, which are still alive in the big economies like France, Germany, Italy and others. “Cobatching” the national cards with international (US) schemes is still the only way how consumers can pay cashless at the POS if they cross the borders. This is not only problematic for consumers from the political point of view but also for the European merchants who have to pay higher fees for these transactions then for transactions with the national schemes even though these transactions are partly regulated by the above-mentioned multilateral interchange regulation (MIF).

Meanwhile, since the above-mentioned new products were created from the European banks, PSD I introduced a new kind of license/company type for companies which want to offer payment services, “payment institutions” or “PI’s.”

To become a payment institution a licence is needed, but as compared to a full banking licence, less effort and requirements are needed. As a result, both new players entering the market, as well as existing players which offer only transaction routing services have become PIs.

Nevertheless, the overall market landscape is changing and beside the new entries there is an ongoing concentration process. Some acquirers became payment service providers (PSPs) and vice versa, but mergers between acquirers and PSP´s have occurred recently and are likely to continue.

The MIF regulation of the multilateral interchange fees set a cap on these MIFs for consumer cards (European domestic transactions) at 0.2% for debit card transactions and 0.3% for credit card transactions.

The effects of this regulation are currently under the review by the European Commission. Although generally welcomed by the merchant community there are still some pain points. The heavily increased scheme fees dilute the positive effects of the reduced interchange fees. There is no regulation for corporate cards and there are cards in the market which are used and charged to private cardholders, although they are prohibited by the MIF regulation. For these cards we see the old unregulated pricing structures with high MIF and different prices for different sectors. Some sectors like the travel & entertainment or wholesale business are suffering from these unregulated MIF.  The schemes and banks are not bringing these fees down although there might be the risk of further antitrust claims.

Revision of PSD I - outcome PSD II (2015/2366)
After the introduction of the new SEPA products and the entrance of new players in the payment market made possible by the PSD I, this directive was revised and the successor, PSD II, was published and is applicable since January 2018.  With the PSD II, new players in the payment arena were invented and others legalised in order to force competition for banks.

Account Information Service Provider (AISP)
These new players can access the bank data with the consent of the customer (account holder) through defined interfaces between their systems and the banks.  So, they can offer new services using the data from the bank accounts, e.g. offering new contracts for telecommunication or utilities if the analysis of the data shows that the customer is paying monthly too much for these services currently.  This brings a total mind shift in data usage. The data does not belong exclusively to the banks any longer, but to the customer who decides which third party might access to it.

Payment Initiation Service Provider (PISP)
The next player, the Payment Initiation Service Provider (PISP) is a legalization of yet existing services which initiate payments for the customer who purchase in the internet. A SCT is initiated with the credentials of the customer passing the information on to the direct banking system of the customer.

Strong Customer Authentication (SCA)
In addition to the introduction of these new payment service providers, the regulation requires the existing players a higher security level for electronic payments via a stronger authentication of the payer, the strong customer authentication (SCA). This special rule was adopted in the European Union and will be enforced as of September 2019.

The SCA must be applied when a customer is accessing his payment account, is doing an electronic payment or carrying out any action through a remote channel which may imply a risk of payment fraud.

With the SCA, 2 Factor Authentication (2FA) is required.  2 out of 3 factors (possession, knowledge, inherence (=biometric) must be used to authenticate the customer.
There are some exceptions to this rule, because with a SCA for all transactions the User Experience would suffer too much:

  • For low value transactions up to 30 €
  • For NFC transactions up to 50 €
  • Transactions at unattended payment terminal for parking and transport
  • Cardholders can do a whitelisting of e-commerce merchants via their issuers
  • Low risk transactions
  • Certain corporate payments.

For the stationary POS the SCA is not a big issue – the card or mobile phone is used as factor “possession”, the PIN as factor “knowledge.”

SCA is challenging for all stakeholders who are involved in e-commerce payments - issuer, acquirer, any payment scheme and merchants, because it is not easy to find secure solutions which comply with the SCA and offer an acceptable level of User Experience. Merchants fear a reduced conversion rate in their e-commerce shops.

The 3DSecure standard with a static password and even one-time password via SMS is not recognized as an acceptable knowledge factor, but qualifies as possession and not usable in addition to only card data which also constitutes possession. Therefore, new solutions need to be found. Inherence (biometric) might play a more important rule in the future, but the infrastructure (e.g. smart phones with finger print sensor) is not available for all users. Currently the payment schemes, service providers and merchants are trying to get a waiver, as the SCA criteria probably will not be changed.

In summary, as a result of these regulations, Europe has seen progress towards a common payment market. Increased competition to the traditional banks due to new players in the payment area leads to new and better services and a more competitive pricing for the users.