Payment Tech & Regulation: Challenges of Regulating a New Emerging Innovation Market.
On February 5th the payments industry got together in a grey and drizzly Brussels to face off and discuss the future of EU payments, the revised Payment Service Directive (PSD2), and, most notably, 'strong customer authentication' (SCA).
Understanding the Payment Services Directive (PSD)
For those new to EU payments law, the existing Payments Service Directive (PSD1) was adopted in 2007 with the objective of making cross border payments easy, secure and efficient across the member states. The new Payment Service Directive (PSD2) looks to modernise the existing law. PSD2 introduces stricter payments regulation and Strong Customer Authentication (SCA) to enhance security and trust in digital payment transactions.
The Evolution of Payments Tech
Since 2007 the payments tech space has changed. It’s an emerging digital payment market where many new and innovative types of payments service providers have emerged – think Monzo, Neat, Alipay, WeChat Pay, ApplePay, . “These service providers have brought innovation and competition, providing more, often cheaper, alternatives for payments, but were previously unregulated” explained the European Commission. The Payment Services Directive (PSD2) seeks to enhance efficiency, ensure a level playing field (including for new players) and protect consumers.
Centred around these objectives have been several controversial mandates, one of the most prevalent being Strong Customer Authentication (SCA). Before going any further let me explain what this term means.
What is Strong Customer Authentication (SCA)?
SCA is a new mandatory requirement for authenticating a payment made via the internet. As part of the Payments Tech landscape and payments regulation under the Payment Services Directive (PSD2), customers must use two out of the three elements set out in the regulation to authenticate a payment before it gets processed. The three elements of authentication are: something the customer knows (e.g. a password), something the customer has (e.g. a mobile phone) and something a customer is (e.g. a finger print). This requirement ensures security in the digital payment market.
Impact of SCA on Payment Service and Process
As a consequence of the intent to protect consumers from fraud, the SCA has created some hurdles for the industry, especially where subscription services exist. In today’s world many of us use our various payment methods to take care of our bills, like our mobile phones, subscribe to services like Netflix, and top up accounts like transport services. We hand over our payment details and let the payment providers do the rest. With SCA customers will need to authenticate each of their subscription payments, sometime multiple times. Some industry participants at the event expressed concern over this requirement claiming that it will be too onerous on their clients, creating delays in payments and possible loss of clients. This is particularly significant in the digital payment market, where the Payment Services Directive (PSD2) and related payment regulations aim to enhance security but may inadvertently complicate the process for recurring transactions.
During the forum representatives from the European Banking Authority (EBA) contested various questions regarding this matter and replied that industry should review the guidance notes and Q&A tool published on their website.
SCA Exemptions for Recurring Payments
In review of the supplementing Directive (EU) 2015/2366 of the European Parliament with regard to regulatory technical standards for SCA, I noted an interesting exemption: when the customer makes a series of recurring payments for the same amount to the same business SCA will apply on the first payment but not for the reoccurring ones. For example, if your gas bill is set to a fixed amount, say €35, and you authorise your gas company to charge your credit card or e-wallet every month, then you will only need to authenticate this payment subscription once. However, if the amount is variable then you will have to authenticate each time.
However, before you breathe a sigh of relief, pay attention to the definition. It must always be for the same amount, otherwise SCA will apply, again and again. While subscription payments are often periodic and made to the same business, more companies are using a variable rate (also known as a metered rate).
Furthermore, I noted that Visa Europe has posted a consultation question on the EBA website asking them to consider exempting the credit card-initiated payments from SCA, as this hampers their use to make payments on subscription services.
“...payment cards are widely used for standing instructions where the payee pulls transactions from a payment card according to the conditions agreed with the payer. This would be the case for subscriptions to services, such as multimedia platforms on the internet or payment of utilities; payments in instalments; or top-up of a closed loop account (e.g. a card usable for public transport services).”
In reviewing the EBA’s response on this matter, I noted they have been flexible in exempting the credit card-initiated payments so long as the amount is always the same. However, the issue regarding variable amounts remains uncontested.
Future of EU Payments Tech and Regulation
Taking a strategic view of the medium and long term of EU payments regulation, Javier Perez, President of MasterCard Europe, summarized it best: “Ideally payments will disappear and be fully, seamlessly embedded in the shopping action, with no extra efforts needed." It will be interesting to see if regulators share this view or continue to seek ways to introduce friction into the consumer experience. Either way, for the consumers and those innovating in this space, the future is bright as regulators are keen to support the innovation and those who are interested in diving into the Payment Tech space!
Payment technology and regulatory compliance present both opportunities and challenges for businesses of all sizes. By leveraging on-demand legal services, you can ensure that your business is always prepared for the latest developments and capitalising on new opportunities. Partner with KorumLegal today to safeguard your business's future and navigate the complexities of payment tech and regulation with confidence.
Carlos Sanchez-Webb
Feb 27, 2019
Related Posts.
By: Danh Nguyen
Emerging Financial Service: Ultimate Guide of Payment Services
Payment Services Law and Practice: A Neglected Area of Financial Services
Everyone seems to be familiar with the term ‘financial services’. But whenever I mention ‘payments’ or ‘payment services’, I..
By: KorumLegal
GC Spotlight: Anastasia Demetriou