Post on 17-Apr-2018
1
IPSO Response to the European Commission Green Paper
‘Towards an integrated European market for
card, internet and mobile payments’
Author: Úna Dillon, Head of Card Services and Communications
Irish Payment Services Organisation Ltd. (IPSO)
About IPSO
The Irish Payment Services Organisation (IPSO) is the representative industry body, the
voice and guardian of the payments industry and the strategic interface with all payments
stakeholders within the Republic of Ireland. Its fundamental principles are to preserve the
integrity and security of the Irish payments systems and to promote and oversee the
strategic development of such systems in the interest of the industry and the general public.
This document was prepared in conjunction with the card issuers and acquirers operating
within the Republic of Ireland, which are members of IPSO Card Services.
IPSO Card Services is responsible for examining security and fraud related issues affecting
the card payments industry as well as monitoring legal and regulatory changes both at a
domestic and European level. In addition, Card Services’ General Manager represents the
Irish retail banks on the European Payments Council (EPC) Cards Working Group and the
banking sector on the EPC Card Stakeholder’s Group.
2
Irish Payments Landscape
The payments industry within Ireland is very diverse, offering numerous payment and
related products, including:
• Single high-value automated credits
• Files of low-value automated credits and debits
• Cheque payments and paper credit transfers
• Debit card payments
• Credit card payments
• Payment messages via the SWIFT Network, and
• Cross-border payments
IPSO is working closely with its member banks, the Government and other stakeholders to
ensure the strategic development of Ireland’s payments systems. It has been widely
acknowledged that the efficiency of Ireland’s payment systems’ infrastructure could be
improved by making more use of secure and efficient electronic payment methods leading
to a reduction in cash and paper payment transactions.
Irish Payments Summary (2010)
Payment Method Number of
Transactions (millions)
Value of transactions
(€billions)
Electronic Credits 138.5 178.2
Electronic Debits 108 93.6
Credit Card Payments 108 11.3
Debit Card Payments 208 11.5
ATM Withdrawals 178.1 22.3
Lodgements–giro and other paper 42.1 460
Cheques and other paper 90.9 457
3
Irish Card Payments Landscape
The use of payment cards (i.e. credit and debit cards) in Ireland has grown considerably in
recent years as they are increasingly recognised as a cost efficient and convenient
alternative payment method to cash and cheques. The use of payment cards is dependent
on consumer confidence in such cards and in particular, in the security measures
surrounding their use.
In order to facilitate this continued expansion in the use of payment cards and to further
improve security measures in connection with their use for the benefit of consumers, card
issuers and acquirers, IPSO Card Services explores how security issues such as payment card
fraud can best be addressed within the card payments industry for the benefit of all
stakeholders. It also examines the impact on the card payments industry of legal and
regulatory changes and looks at opportunities for the development of card payments in
Ireland.
Trends in Number of Payment Cards in the Irish market 2003 – 2010 (millions)
4
Trends in Volume of Irish Card Payments 2003 – 2010
Trends in Value of Irish Card Payment 2003 – 2010
5
IPSO general comments on the EC Green Paper
IPSO welcomes the opportunity to provide comments on the European Commission’s Green
Paper “Towards an integrated European market for card, internet and mobile payment”.
We fully support the goals of the paper including in particular:
- The necessity for consumer choice
- The need for innovation in payments
- The need for customer safety and security, and
- The need for competition in the market
Consumer Choice
While banks and payment providers have a future view of payments and payment types,
none of us can predict what consumers will want to use, nor can we force consumers to use
one payment method or tool over another.
We believe that there should be better communication between payment providers,
regulators and consumers, with a relevant portal for that communication. All market players
should have a relevant channel to help them to understand the needs of consumers better
and to meet those needs, through providing better choices while ensuring security and
safety of the consumer.
Innovation
The speed to market of innovation has increased dramatically in the past ten years,
especially in the area of internet, mobile and contactless card payments. We believe that
the industry should promote the benefits of innovation in payments to both consumers and
retailers.
6
Regulation and standards should neither impede innovation nor prevent the market in
investing in new payment methods and tools. The market should be encouraged by
regulators to increase acceptance of new payment tools while considering consumers’
needs, through communication with consumers.
IPSO believes that consumers should be encouraged by the payments industry to use the
new technologies available to them while ensuring their trust in the systems and new
payment tools.
We believe that the costs for using current and future payment tools should be transparent
to both retailers and consumers and that they should have the choice to adopt new
technologies.
Customer Safety & Security
IPSO believes that the industry needs to provide choice for our customers while ensuring
security of the products and avoiding customer confusion. We believe that certain areas of
security and fraud prevention should be reviewed on a regular basis by the industry, to keep
up with the fast changing fraud trends in the payments market. Future threats should be
considered in more detail by the regulator – on an on-going basis.
Security is key to consumer trust and the industry needs to ensure that customer trust is
upheld today and in the future, as the payments market changes and new methods of
payments become available to our customers.
The industry should encourage not only the secure use of the payment tools they provide,
but the additional tools used by consumers such as PCs, smart phones, etc. There is an onus
7
on the industry to fully inform consumers on the risks and dangers of payment fraud and
more importantly on the solutions and preventative methods available to them, both
through the payments industry as well as through use of technology such as anti-virus and
anti-Malware software, etc.
We believe that this is an area that needs constant review, ensuring the on-going integrity
of the payments market. There are many moving parts within the payments industry and
the provider of each part needs to ensure that their area is secure.
IPSO believes that the industry security standards need to be sufficient, to avoid any
reputational risks.
Competition
IPSO believes that a level playing field is needed for the payments market. While national
competition authorities regulate the payments industry, such regulation should be
consistent across the board such that all stakeholders can operate in a fair and competitive
market.
The EPC SEPA Cards Framework is important for the future of card payments and should be
adhered to by all banks involved in card payments. Adherence should lead to greater
competition (having a set of standards in place means that new entrants to the market can
slot in easily to any part of the card payments chain).
8
SPECIFIC RESPONSES TO THE COMMISSION’S QUESTIONS
4.1.1. Multilateral Inter-change Fees (MIFs)
Questions
(1) Under the same card scheme, MIFs can differ from one country to another, and for
cross-border payments. Can this create problems in an integrated market? Do you think that
differing terms and conditions in the card markets in different Member States reflect
objective structural differences in these markets? Do you think that the application of
different fees for domestic and cross-border payments could be based on objective
reasons?
(2) Is there a need to increase legal clarity on interchange fees? If so, how and through
which instrument do you think this could be achieved?
(3) If you think that action on interchange fees is necessary, which issues should be covered
and in which form? For example, lowering MIF levels, providing fee transparency and
facilitating market access? Should three-party schemes be covered? Should a distinction be
drawn between consumer and commercial cards?
Responses
The industry must support competition.
The MIF will differ from country to country because the markets vary; the cost of processing
all types of payments, of running a business, of selling will be different in each country.
While a SEPA-market may integrate from a clearing, settlement and processing perspective
it is important to allow for competition within that market. Interchange itself is sometimes
confused with the Merchant Service Charge (MSC) or Scheme Transaction Fee (STF).
9
Interchange rates are set based on the costs incurred to both issuers and acquirers, paid by
the acquirers to the Issuers on a per transaction basis and covering such costs as:
• The guarantee of payment from the card issuer, given that the retailer is paid by the
acquirer in advance of the cardholder being debited;
• Payment to cover the interest free period, i.e. the time between a cardholder
shopping on their card and them paying their credit card bill;
• Processing of security and fraud prevention measures such as authorisations,
managing hot card files, etc.;
• Projects such as contactless card payments, etc.
• General processing costs, including the issuance of plastic cards.
The Card Schemes manage the interchange fees, while they have no remit over the set-up of
MSC fees. These are set by the acquirers and may or may not reflect the interchange value /
level for certain payment products; depending on the acquirer.
IPSO believes that to support the growth and promotion of card payments in the future, the
acquirers should provide transparency on their costs to retailers for processing payments,
for the various product types, e.g. credit, debit, prepaid, etc. where possible. There is a
regulatory requirement that all relevant Card Schemes publicise their interchange fees and
this is done however there is currently no onus on acquirers to justify their MSCs to
retailers.
For example, in Ireland, members of the local debit card scheme Laser Card have withdrawn
from the Scheme in favour of issuing Visa Debit to their cardholders instead, for the most
part. Visa has reduced the interchange fees for the debit card product to more or less meet
those set by the Laser Scheme. For both Schemes the interchange is a low value flat fee
however there is at least one Acquiring processor which is charging its customers (the
retailers) an ad valorem charge per transaction for the new debit card sales. This is not
helpful for the market, while IPSO and the Central Bank aim to encourage greater use of
more efficient payment methods such as payment cards.
10
While MSCs are a commercial matter for acquirers, IPSO believes that the fees charged to
retailers for card processing should be transparent to the retailers and the costs justified.
There is a misconception being borne in Ireland currently that a hike in merchant fees for
accepting debit cards is due to the arrival of the new schemes in the market, i.e. Visa Debit
and Debit MasterCard, while this is not the case.
IPSO proposes that while interchange, either bilateral or multilateral, can be adequately
established between relevant market players that the focus of the Commission should be on
the costs charged to retailers by their card processors.
We believe that a continued scrutiny of the interchange fees charged at local and European
level is not helpful for the market, while the actual costs, being charged and that do cause
an issue for consumers and retailers are being ignored.
With regard to three-party schemes, IPSO believes that a level playing field is needed.
While national competition authorities regulate the payments industry, such regulation
should be consistent across the board such that all stakeholders can operate in a fair and
competitive market.
With respect to commercial cards, it is true to say that in terms of the cost of delivery of this
service and the negotiations required with large corporations, the economies are different.
As such it is justifiable that there may be a pricing differential for commercial card
acceptance.
4.1.2. Cross-border acquiring
11
Questions
(4) Are there currently any obstacles to cross-border or central acquiring? If so, what are
the reasons? Would substantial benefits arise from facilitating cross-border or central
acquiring?
(5) How could cross-border acquiring be facilitated? If you think that action is necessary,
which form should it take and what aspects should it cover? For instance, is mandatory prior
authorisation by the payment card scheme for cross-border acquiring justifiable? Should
MIFs be calculated on the basis of the retailer’s country (at point of sale)? Or, should a
cross-border MIF be applicable to cross-border acquiring?
Responses
IPSO is not aware of any obstacles to cross-border or central acquiring in Ireland.
Cross-border acquiring is currently operational with the existence of the international card
scheme brands throughout Ireland for both debit and credit. Irish-based acquirers have the
capability to accept cards from other jurisdictions and non-Irish acquirers are already
establishing themselves in this country, without issue.
The evolution of tools such as Smart Phones and iPads means that cross-border activity will
grow. The relevant interchange is set by the card schemes but local market conditions are
taken into account.
No further action is currently required, in our opinion.
12
It should be noted that both foreign and domestic acquirers operating within Ireland are
required to adhere to the local legislation, rules and regulation regarding card payment
processing.
On the subject of MIFs, the calculation of MIFs should be a matter for the relevant card
schemes and the location of the acquirer (i.e. where the transaction takes place) should be
taken into account, given the varying costs in each country for card processing.
4.1.3. Co-badging
Questions
6) What are the potential benefits and/or drawbacks of co-badging? Are there any potential
restrictions to co-badging that are particularly problematic? If you can, please quantify the
magnitude of the problem. Should restrictions on co-badging by schemes be addressed and,
if so, in which form?
7) When a co-badged payment instrument is used, who should take the decision on
prioritisation of the instrument to be used first? How could this be implemented in practice?
Responses
The benefits of co-badging are numerous including that issuers can offer many options to
their customers including ATM facilities, store loyalty options, transport and ticketing
options, personal ID, etc. etc. However, there may be a potential for customer confusion,
especially where surcharges and restrictions are set by merchants for particular schemes,
card types or payment tools.
13
Laser Card in Ireland is a prime example, where the card is co-branded with the
international scheme Maestro but where a merchant may charge a higher rate for a
cardholder using the Maestro function, over use of the Laser function on the card. The
important thing here is that the industry provides choice for our customers while ensuring
security of payment products / instruments and avoiding customer confusion.
It is understandable that a card scheme would wish to restrict the options on a plastic card
or other payment instrument on which their brand would sit. The predominant scheme
should be permitted to be aware of the other brands and facilities that an issuer is placing
on their payment tools such that they do not affect the reputation of that brand. The issuer,
of course, should have the last word; within reason.
There can be restrictions by some card schemes, but most are justified. They have not been
an issue in the Irish market. Such restrictions should be a matter handled entirely between
the card scheme and their issuing members.
In Ireland co-badging exists on a reducing number of payment cards with the Irish-based
Laser Card Scheme co-badged with the international brand Maestro. The same card is also
co-branded with Cirrus, Link and Plus to facilitate the consumer’s use of ATMs domestically
and abroad. The benefits are two-fold, i.e. the cardholder can use their card at home at
both ATMs and POS but can also access POS and ATMs internationally. There are no known
apparent draw- backs.
Where an issue might arise, and a matter that the Commission does not appear to have
reviewed, is the co-badging of product types, e.g. where a single payment card might have
both credit and debit card facilities. There has been some debate in the market as to who
has the option when a card is presented with some parties suggesting that the retailer
should have the option. It is IPSO’s opinion that the cardholder should have the choice
whether it is their credit card function or debit card that is used during a given transaction.
14
It should be noted that this is not currently an issue in the Irish payments market, but
certainly something to consider for future reference.
In relation to mobile devices, while a number of separately identified payment products, i.e.
different ’apps’, could reside side by side on the device, the same rules should apply with
the co-badging of different payment brands on one individual payment app as to those for
payment cards; although this may be more difficult to police.
The introduction of another new framework would be confusing to the market. There is
absolutely no requirement for another one. The rules for SEPA card processing are already
in place today and are transparent and non-discriminatory. An entity laying out terms and
fees for access to card processing infrastructures could be seen as being anti-competitive. It
would restrict market players and most likely prevent growth and innovation. Adherence to
current clearing, settlement and card processing rules and criteria is currently not an issue.
4.1.4. Separating card schemes and card payment processing
Questions
8) Do you think that bundling scheme and processing entities is problematic, and if so why?
What is the magnitude of the problem?
9) Should any action be taken on this? Are you in favour of legal separation (i.e. operational
separation, although ownership would remain with the same holding company) or ‘full
ownership unbundling’?
Responses
Unbundling of schemes and processes is largely the norm within the SEPA-zone (according
to the various card schemes).
15
Issues may arise for Schemes that wish to compete with processing entities. The
requirement could possibly be seen as anti-competitive possibly?
The case in Ireland is that, in practice, while card issuers are in negotiations with card
schemes they are being offered processing services, but have the option not to adopt those
services and therefore the banks have the choice to accept processing services from the
schemes or to use other parties to do so.
IPSO believes that legal separation is sufficient in this regard.
4.1.5. Access to settlement systems
Questions
10) Is non-direct access to clearing and settlement systems problematic for payment
institutions and e-money institutions and if so what is the magnitude of the problem?
11) Should a common cards-processing framework laying down the rules for SEPA card
processing (i.e. authorisation, clearing and settlement) be set up? Should it lay out terms
and fees for access to card processing infrastructures under transparent and non-
discriminatory criteria? Should it tackle the participation of Payment Institutions and E-
money Institutions in designated settlement systems? Should the SFD and/or the PSD be
amended accordingly?
Responses
It is true to say that under the PSD the new players to the card payments market can and do
become banks in their own right, which avoids the need for a sponsor bank.
16
The experience in Ireland is that this is not problematic as new players on the market tend
to use sponsor banks for their clearing and settlement. The risks should be considered by
the sponsor institution while ensuring that their ‘customer’ complies with a minimum
required set of standards, especially with regard to the security and integrity of the
payments. Both parties should ensure that clearing and settlement is carried out such that
consumers and retailers are not affected by delays in payment, or similar.
IPSO believes that there should be greater controls and a more active role by the regulators
with the new players in the payments market, to avoid any undue risks to retailers and
consumers, while the new parties might be less familiar with the problems that can arise in
the payments system and on handling such risks as fraud, cybercrime attacks; and general
customer queries / disputes.
4.1.6. Compliance with the SEPA Cards Framework (SCF)
Question
12) What is your opinion on the content and market impact (products, prices, terms and
conditions) of the SCF? Is the SCF sufficient to drive market integration at EU level?
Are there any areas that should be reviewed? Should non-compliant schemes disappear
after full SCF implementation, or is there a case for their survival?
Response
The requirement to comply with the SCF has led to the cessation of some smaller national
card schemes. For some countries this has meant that initial processing costs and charges to
consumers and retailers have changed (increased for the most part). That said, the SCF is
important for the future of card payments and should be adhered to by all banks involved in
card payments. Adherence should lead to greater competition (having a set of standards in
17
place means that new entrants to the market can slot in easily to any part of the card
payments chain). After full implementation, non-compliant schemes should be reprimanded
by the relevant authority and their needs addressed, to ensure future compliance.
Certainly the areas of security and fraud prevention should be reviewed on a regular basis to
keep up with the fast changing fraud trends in the card payments market. Future threats
should be considered in more detail.
4.1.7. Information on the availability of funds
Question
13) Is there a need to give non-banks access to information on the availability of funds in
bank accounts, with the agreement of the customer, and if so what limits would need to be
placed on such information? Should action by public authorities be considered, and if so,
what aspects should it cover and what form should it take?
Response
IPSO is not entirely clear on the purpose of this question. Is the Commission asking if
retailers can have direct access to Cardholder bank account information?
Such access to bank account information is a matter for each country while data protection
legislation varies in every one and should be taken into consideration. Customers should be
aware, when dealing with their card issuer, if third parties are accessing their information.
Non-banks currently operating in the card payments arena appear to work without issue
while not accessing account information. If this were to change, there needs to be security
standards in place to ensure the protection of the customer information and the integrity of
the card payments system.
18
All retailers have available to them an online authorisation process which when used
correctly at POS can verify that customers have sufficient funds in their accounts to cover
transactions taking place. There is an obligation on the Card Issuers, through the online
authorisation process, to verify this information in real time. It is in the issuers’ interests to
verify that information. On that basis, we are confused somewhat at the Commission’s
suggestion that the banks ‘may refuse to cooperate’.
If the Commission is referring to third party PSPs which act on behalf of card issuers and
acquirers for various reasons, such as for the processing of internet sales, etc. then there
should be strict agreements in place between those PSPs and the banks in question, with an
emphasis on the security of customer data.
IPSO believes the security of customer data to be of paramount importance.
4.1.8. Dependence on payment card transactions
Question
14) Given the increasing use of payment cards, do you think that there are companies
whose activities depend on their ability to accept payments by card? Please give concrete
examples of companies and/or sectors. If so, is there a need to set objective rules
addressing the behaviour of payment service providers and payment card schemes vis-à-vis
dependent users?
Response
Most e-commerce merchants now have a number of payment options available to them, in
addition to card payments, for example PayPal. Most retailers will choose to accept cards on
19
the basis of cardholder preference as well as for the security (payment guarantee) that they
provide (e.g. 3D Secure).
Regarding rules to address the behaviour of payment service providers, these are already
established by the card schemes / banks. Any issues that might arise are addressed on a
case by case basis.
IPSO believes that there should be greater intervention by the regulator in future as new
third parties enter the payments market, which do not act in accordance with payment
processing standards.
The rules should also be considered to ensure they are not prohibitive, e.g. by inadvertently
making cards the standard form of payment, especially if surcharging is imposed by
retailers, which is done in many instances.
4.2. Transparent and cost-effective pricing of payment services for consumers, retailers
and other businesses
4.2.1. Consumer — merchant relationship: transparency
Question
15) Should merchants inform consumers about the fees they pay for the use of various
payment instruments? Should payment service providers be obliged to inform consumers of
the Merchant Service Charge (MSC) charged / the MIF income received from customer
transactions? Is this information relevant for consumers and does it influence their payment
choices?
20
Response
IPSO believes that provision of this information from retailers to consumers would be
impractical while a full list of economic costs would be needed.
The provision of such information should not be the norm, rather it should be an option for
a retailer in the event a consumer questions the pricing on, for example, a surcharge or
handling fee which may clearly vary depending on the brand of card used or the method of
payment. There should be no restrictions on retailers in providing this information, which
should be entirely a matter for them.
While the merchant should have the option, we believe that it would be difficult for a
merchant to clarify the actual cost of an individual payment card transaction to their
customer given that the MSC paid by them includes a number of things including the cost of
processing a given sale. If a retailer is obliged to provide such information then we believe
they should also be required to provide details on the costs of processing and managing
other types of transactions such as payments by cash, cheques, drafts, etc.
For those retailers which choose to disclose their costs to customers, there should be a
requirement for them to provide accurate details, for example in the case of certain airlines,
the level of surcharging and high fees described to customers as covering the cost of the
consumer using their debit or credit card, should be transparent and true.
It is important that there is transparency around merchant surcharges.
It is also of the utmost importance, as far as IPSO is concerned, that the decision regarding
the payment type should be entirely up to the consumer. Retailers should not be
encouraged to steer cardholders towards one payment method over another – especially if
the forced choice is disadvantageous to the customer.
21
A study carried out by Accenture a number of years ago found that the costs for processing
cash and cheques through the payments system were in the area of 1% of GDP. These costs
included such things as security, processing, handling fees, staff management, bank charges,
printing, etc. These costs are generally not taken into account by retailers in their day to day
work, while their card payment charges are transparent – appearing in print in their
monthly statements.
IPSO believes strongly that if the Commission feels that retailers should be obliged to
provide details to customers on the cost of processing card payments, they should also be
required to give an account of their cash and cheque handling costs.
4.2.2. Consumer — merchant relationship: rebates, surcharging and other steering
Practices
Question
16) Is there a need to further harmonise rebates, surcharges and other steering practices
across the European Union for card, internet and m-payments? If so, in what direction
should such harmonisation go? Should, for instance:
– certain methods (rebates, surcharging, etc.) be encouraged, and if so how?
– surcharging be generally authorised, provided that it is limited to the real
cost of the payment instrument borne by the merchant?
– merchants be asked to accept one, widely used, cost-effective electronic
payment instrument without surcharge?
– specific rules apply to micro-payments and, if applicable, to alternative digital
currencies?
22
Response
- It is IPSO’s opinion that discounts and surcharges offered by retailers should not
restrict the use of more efficient payment methods such as card payments and
electronic payments, over the use of cash and cheques. Surcharges, especially
excessive charges should be justifiable, i.e. they should reflect the cost to the
merchant for accepting a given payment method.
While the PSD offered the option to most countries to legislate against surcharging,
the Irish market chose not to do so. As such, merchants continue to charge excessive
fees for card payments over legacy payment types, while under the (incorrect)
impression that the legacy ones are cheaper for them, e.g. cash.
- IPSO believes that while surcharging is allowed within the legislation in Ireland, the
fees actually charged by merchants to their customers for using specific types of
payments should be transparent, and should not exceed the cost to the merchant
for accepting the payment method in question.
- Regarding merchants accepting one, widely used, cost-effective electronic payment
instrument without surcharge, it is difficult to see how this could be identified by a
single merchant. That is to say that a merchant should be able to accept any
payment method that is available to his customer from their bank or financial
provider. Payment methods should not be restricted to one single type or tool. This
would be restrictive on both retailer and consumer.
- Regarding the suggestion to implement rules for micro-payments, we believe that
there are sufficient rules in place. The card schemes and acquirers offer incentives
through varied pricing arrangements for low value transactions carried out in a
contactless environment. The industry aims to promote more activity on contactless
23
cards for low value payments, and to encourage the use of these payments as an
alternative to using cash.
4.2.3. Merchant — payment service provider relationship
Question
17) Could changes in the card scheme and acquirer rules improve the transparency and
facilitate cost-effective pricing of payment services? Would such measures be effective on
their own or would they require additional flanking measures? Would such changes require
additional checks and balances or new measures in the merchant-consumer relations, so
that consumer rights are not affected? Should three party schemes be covered? Should a
distinction be drawn between consumer and commercial cards? Are there specific
requirements and implications for micropayments?
Response
The current card scheme and acquirer rules provide sufficient transparency on the pricing of
payment services.
The various interchange rates are available to retailers in the public domain, on the websites
of each card scheme. This enables shops to see the cost to their acquirer for processing
transactions under each card type / brand. There is transparency with MSCs where charges
to merchants for management services, terminal rental, till roll costs, customer services,
authorisations, etc. are made clear as a norm and are broken down on the customer’s
statement, as issued by their acquirer.
24
This knowledge enables competition while merchants can shop around for the best value
available to them.
We believe that there is no further change required in this regard.
4.3. Standardisation
Card payments
Question
18) Do you agree that the use of common standards for card payments would be beneficial?
What are the main gaps, if any? Are there other specific aspects of card payments, other
than the three mentioned above (A2I, T2A, certification), which would benefit from more
standardisation?
Response
Yes, common standards are a requirement for card payments. They are beneficial for
current and potential market participants. There is sufficient work being undertaken by the
European Payments Council to develop a minimum set of standards required for all parties
in the card payments market.
IPSO believes that no further action is required at this time.
Question
19) Are the current governance arrangements sufficient to coordinate, drive and ensure the
adoption and implementation of common standards for card payments within a reasonable
25
timeframe? Are all stakeholder groups properly represented? Are there specific ways by
which conflict resolution could be improved and consensus finding accelerated?
Response
These requirements are adequately met through the work of the European Payments
Council Cards Working Group and Card Stakeholder Group. Full engagement is required by
all stakeholders in the POS payment market, to ensure that all relevant bodies input to the
work being done to create a minimum set of required standards.
IPSO is not aware of a conflict currently that needs to be addressed. It should be noted
however that the work in hand to develop the standards should not be force-accelerated as
such a move could lead to inefficiencies and missed steps. Card payments are complicated
and the production of standards for same cannot and should not be rushed.
Question
20) Should European standardisation bodies, such as the European Committee for
Standardisation (Comité Européen de Normalisation, CEN) or the European
Telecommunications Standards Institute (ETSI), play a more active role in standardising card
payments? In which area do you see the greatest potential for their involvement and what
are the potential deliverables? Are there other new or existing bodies that could facilitate
standardisation for card payments?
26
Response
Work being carried out by the EPC Card Stakeholders Group and EPC Cards Working Group
has progressed for some time and is due to be finalised soon. It would be detrimental to this
process to start afresh with a new entity. This would cause undue delays to market players
which are already making changes to processes, systems and rules. There is no requirement
for new parties to play a more active role in the already successful process.
Question
21) On e- and m-payments, do you see specific areas in which more standardisation would
be crucial to support fundamental principles, such as open innovation, portability of
applications and interoperability? If so, which?
Response
IPSO believes that as long as the providers of e- and m-payments adhere to the security
standards and operational rules for payments, there should be no difference in the
requirements here than for any other payment gateway. The work being done at EPC on
standards for payments includes such methods as e- and m-payments, so IPSO believes that
no further standardisation is required here.
Question
22) Should European standardisation bodies, such as CEN or ETSI, play a more active role in
standardising e- or m-payments? In which area do you see the greatest potential for their
involvement and what are the potential deliverables?
27
Response
As per response to Question 20.
4.4. Interoperability between service providers
Question
23) Is there currently any segment in the payment chain (payer, payee, payee’s PSP,
processor, scheme, payer’s PSP) where interoperability gaps are particularly prominent?
How should they be addressed? What level of interoperability would be needed to avoid
fragmentation of the market? Can minimum requirements for interoperability, in particular
of e-payments, be identified?
Response
There are no such gaps. All card payment matters are being addressed sufficiently by the
EPC Cards Working Group, through the SEPA Cards Framework and The Volume (the Book of
Requirements).
Question
24) How could the current stalemate on interoperability for m-payments and the slow
progress on e-payments be resolved? Are the current governance arrangements sufficient
to coordinate, drive and ensure interoperability within a reasonable timeframe? Are all
stakeholder groups properly represented? Are there specific ways by which conflict
resolution could be improved and consensus finding accelerated?
28
Response
IPSO believes that there is a perceived fragmentation of the European market when
compared with the Asian or Kenyan markets for example which are more progressive in the
rollout of m-payments in particular.
IPSO supports payment developments and customer choice. While as an industry we can
provide solutions to consumers, we cannot push usage of the new technologies or payment
tools.
4.5. Payments security
Question
25) Do you think that physical transactions, including those with EMV-compliant cards and
proximity m-payments, are sufficiently secure? If not, what are the security gaps and how
could they be addressed?
Response
Securing these types of payments is a matter for card issuers (to enable their cardholders to
protect their data) and merchants (to protect their businesses). The current EMV standard
has proven to be sufficient in this regard.
Security is critical for new forms of payments such as e- and m-payments. The industry has
invested hugely in security and IPSO believes that all new players in the market need to
meet the existing standards; with a special emphasis on consumer protection.
29
It would be prudent to have a set of industry recommendations and / or standards to ensure
the integrity of the card payments systems, especially while ecommerce card fraud
continues to persist. The Volume, as developed by the EPC, which outline the required
standards should be used for this purpose.
There is no evidence to suggest that proximity payments are any less secure than physical
card payments currently.
Question
26) Are additional security requirements (e.g. two-factor authentication or the use of secure
payment protocols) required for remote payments (with cards, e-payments or m-
payments)? If so, what specific approaches/technologies are most effective?
Response
There are solutions currently available in the market, which are proven, such as the use of
3D Secure, CAPs, etc. These have proven to be successful mitigants to payment fraud.
We believe that there are areas for improvement in security for the online and mobile
payment infrastructures. Unlike payment cards, there is no 2FA equivalent to, for example,
Chip & PIN for online or mobile payments and as such it is only a matter of time before
widespread fraud becomes an issue in this area.
The industry will continue to evolve and to produce new solutions to new payment fraud
trends. There is sufficient policing of the issues currently done by the card schemes and
through the work being done by the EPC.
30
IPSO believes that the industry security standards need to be sufficient, to avoid any
reputational risks. For example, a recent well-known industry project to introduce an e-
payment platform has shown to be lacking in adherence to the minimum security standards,
while it leaves security measures up to each bank. There are solutions available in the
market and it is essential that minimum standards are in place to ensure integrity of the e-
payments process.
Question
27) Should payment security be underpinned by a regulatory framework, potentially in
connection with other digital authentication initiatives? Which categories of market actors
should be subject to such a framework?
Response
IPSO believes that it makes sense to have e- and m-payment security. A minimum set of
standards with which the market can comply would benefit all parties.
To date the self-regulation approach by EU banks has proven to be effective. The industry
wants standards and as such will comply with those agreed by the relevant EPC working
groups and which have been approved by the EPC Plenary. The ECB is represented on all
relevant EPC working groups, providing a neutral position on all matters that may arise.
IPSO believes that no further regulatory frameworks are required in this space.
Question
28) What are the most appropriate mechanisms to ensure the protection of personal data
and compliance with the legal and technical requirements laid down by EU law??
31
Response
Currently all banks consider the security of their customer’s financial data to be of the
utmost importance. However, there should be a distinction made here between personal
and financial data. New players such as Google and Facebook tend not to hold financial data
and perhaps appear to take less interest in the security of their customers’ data.
As the market grows and evolves, data security becomes even more critical. In the future we
can use what has worked to date but new players in the payments market need to be
compliant with the existing security standards into which existing banks and financial
institutions have invested hugely.
IPSO believes that there are appropriate mechanisms in place to ensure the protection of
personal data and compliance with the legal and technical requirements under EU Law,
through local and European governance.
5. STRATEGY IMPLEMENTATION/GOVERNANCE
5.1. Governance of SEPA
Question
29) How do you assess the current SEPA governance arrangements at EU level? Can you
identify any weaknesses, and if so, do you have any suggestions for improving SEPA
governance? What overall balance would you consider appropriate between a regulatory
and a self-regulatory approach? Do you agree that European regulators and supervisors
should play a more active role in driving the SEPA project forward?
32
Response
The ECB is currently involved as an overseer on many if not all of the EPC working groups.
The contribution by the ECB to date has been useful for EPC members and has ensured
clarity on the needs of the Eurosystem with regard to payments systems and compliance
with rules and standards already agreed.
The timelines and work plans of the EPC have worked to date. Any issues which public
authorities have with this should be addressed directly between that body and the EPC,
without the need for the bodies in question to participate in or provide new governance for
the existing process.
5.2. Governance in the field of cards, m-payments and e-payments
Questions
30) How should current governance aspects of standardisation and interoperability be
addressed? Is there a need to increase involvement of stakeholders other than banks and if
so, how (e.g. public consultation, memorandum of understanding by stakeholders, giving
the SEPA Council a role to issue guidance on certain technical standards, etc.)? Should it be
left to market participants to drive market integration EU-wide and, in particular, decide
whether and under which conditions payment schemes in non-euro currencies should align
themselves with existing payment schemes in euro? If not, how could this be addressed?
Response
The EPC Card Stakeholder’s Group sufficiently captures the needs of all stakeholders in the
market, through representation from relevant sectors, including card schemes, banks,
retailers, vendors, etc.
33
The EPC also ensures that any new standards and or proposals regarding changes to the
card payments system are circulated for public consultation, on a regular basis, giving
opportunity to all stakeholders to submit their input to the work being done.
IPSO believes that there is a risk of over-regulation in areas which could lead to less
competition, a reduction in innovation and to costly changes within the market – more so
than there have been already.
Question
31) Should there be a role for public authorities, and if so what? For instance, could a
memorandum of understanding between the European public authorities and the EPC
identifying a time-schedule/work plan with specific deliverables (‘milestones’) and specific
target dates be considered?
Response
Card payments are complicated. To produce a key set of minimum standards and
requirements for all stakeholders takes time while all of the stakeholders need to be
involved, need to make costly changes to their software, hardware and their own internal
rules and operational structures. IPSO believes that the EPC is sufficiently managing the
production of the relevant standards within realistic time frames.
While existing banks are committed to complying with the relevant SEPA requirements and
standards, we are concerned that there is currently no onus on other stakeholders in the
retail market to make such commitments. The Commission should consider how compliance
by these third parties can be achieved. The banking industry has already firmly committed
to doing the work required and to complying with the relevant standards. To ensure a level
34
playing field there should be a method in place to guarantee that new and / or third party
stakeholders achieve the same level of compliance.
6. GENERAL REMARKS
Question
32) This paper addresses specific aspects related to the functioning of the payments market
for card, e- and m-payments. Do you think any important issues have been omitted or
under-represented?
Our comments here are twofold:
- One point that stands out in the Green Paper is the lack of interest for the consumer.
The cardholder insights are thin while the paper appears to take the view of the
retailer / merchant and less so the consumer. IPSO believes that the needs of the
consumer from a cost, efficiency, innovation, security and practical point of view
should be considered further by the Commission.
While public consultations can be issued to certain relevant bodies, it is difficult to
reach the consumer, to get their view and details on their wishes for retail payments
of the future. Perhaps the Commission can seek to develop a mechanism to reach
consumers – to ask their view on card, e- and m-payments.
- The Green Paper appears to hold little regard for the need to ensure that new
players in the market which have not been involved in banking or payments are
compliant with at least the minimum security standards. The safety and security of
consumers is paramount and while banks are heavily regulated in this area, there
needs to be a level playing field such that security of all payments is a requirement
across the board.
35
IPSO Key Messages
IPSO fully supports the goals of the paper including in particular:
- The necessity for consumer choice
- The need for innovation in payments
- The need for customer safety and security, and
- The need for competition in the market
Consumer Choice
While banks and payment providers have a future view of payments and payment types,
none of us can predict what consumers will want to use, nor can we force consumers to use
one payment method or tool over another.
We believe that there should be better communication between payment providers,
regulators and consumers, with a relevant portal for that communication. All market players
should have a relevant channel to help them to understand the needs of consumers better
and to meet those needs, through providing better choices while ensuring security and
safety of the consumer.
Innovation
The speed to market of innovation has increased dramatically in the past ten years,
especially in the area of internet, mobile and contactless card payments. We believe that
the industry should promote the benefits of innovation in payments to both consumers and
retailers.
Regulation and standards should neither impede innovation nor prevent the market in
investing in new payment methods and tools. The market should be encouraged by
regulators to increase acceptance of new payment tools while considering consumers’
needs, through communication with consumers.
36
IPSO believes that consumers should be encouraged by the payments industry to use the
new technologies available to them while ensuring their trust in the systems and new
payment tools.
We believe that the costs for using current and future payment tools should be transparent
to both retailers and consumers and that they should have the choice to adopt new
technologies.
Customer Safety & Security
IPSO believes that the industry needs to provide choice for our customers while ensuring
security of the products and avoiding customer confusion. We believe that certain areas of
security and fraud prevention should be reviewed on a regular basis by the industry, to keep
up with the fast changing fraud trends in the payments market. Future threats should be
considered in more detail by the regulator – on an on-going basis.
Security is key to consumer trust and the industry needs to ensure that customer trust is
upheld today and in the future, as the payments market changes and new methods of
payments become available to our customers.
The industry should encourage not only the secure use of the payment tools they provide,
but the additional tools used by consumers such as PCs, smart phones, etc. There is an onus
on the industry to fully inform consumers on the risks and dangers of payment fraud and
more importantly on the solutions and preventative methods available to them, both
through the payments industry as well as through use of technology such as anti-virus and
anti-Malware software, etc.
37
We believe that this is an area that needs constant review, ensuring the on-going integrity
of the payments market. There are many moving parts within the payments industry and
the provider of each part needs to ensure that their area is secure.
IPSO believes that the industry security standards need to be sufficient, to avoid any
reputational risks.
Competition
IPSO believes that a level playing field is needed for the payments market. While national
competition authorities regulate the payments industry, such regulation should be
consistent across the board such that all stakeholders can operate in a fair and competitive
market.
The EPC SEPA Cards Framework is important for the future of card payments and should be
adhered to by all banks involved in card payments. Adherence should lead to greater
competition (having a set of standards in place means that new entrants to the market can
slot in easily to any part of the card payments chain).
~end~