In the retail world, whether online or bricks and mortar, many customers opt to pay using cards. However, the procedures involved in processing card payments are inherently insecure. Merchants have to collect and store sensitive information, the card details, so they can request the money from the card issuer at some future point in time. This stored data can be reused to make payments without the card owner’s knowledge, which makes it valuable to criminals and enables fraud. To overcome this inherent weakness, card schemes keep adding more and more complexity to the processes used, such as PCI DSS, 3DS, CVV and tokenisation. Even so, fraud rates continue to climb, so what next? Added to this, merchants identify cards as the most expensive way in which they can take a payment.
So is there a better way? Can a system be designed that is more secure by design and offers low transaction fees?
Below we look at payment mechanisms built around the use of the recently introduced Open Banking functionality which has the potential to deliver these objectives.
What is Open Banking?
The concept of Open Banking has been introduced by regulators partially to stimulate innovation and partially to introduce further competition into the financial services market. Already introduced in the UK, the process becomes mandatory within the EU later in 2019 and is formalised in the latest Payment Services Directive.
Open Banking allows third parties to either initiate a payment from a bank or to access account details of a customer at a bank. Clearly these activities cannot be performed by anybody at will so the third party provider has to be licenced and the individual who is a customer of the bank has to give their permission.
An Open Banking Option
Collecting a payment using Open Banking seems like a simple process. The first step is for the merchant to ask the customer which bank they want to use. An API call is then made to the chosen bank giving details of who the payment is for, the amount of the payment and details of an account into which the payment is to be pushed. In an online world the customer is then transferred to their bank’s online environment, where they log in using the bank’s security, view the payment details and, if they are happy, confirm to the bank that they can make the payment. And that’s it. The bank sends a status message via the API to the merchant saying the payment has been initiated and, in the UK, sends the money via Faster Payments to the specified account.
In this process there is no sensitive data about the customer presented to the merchant. All the merchant knows is which bank the customer uses. Not having to collect or store sensitive data about the customer means the merchant has nothing worth stealing and nothing that can be reused for another payment, so no opportunity for fraud. Gone are the needs for heightened security, encryption or other complexities. Further, the payment was made using Faster Payments, which is charged at a low flat rate irrespective of the transaction’s value.
The process of executing the Open Banking payment is actioned by a suitably licenced organisation known as a Payment Initiation Service Provider (PISP). Whilst the process sounds straightforward the PISP has to be able to route the request to the customer’s chosen bank, understand the structure of the bank’s interface and also carry out security checks to make sure the request reaches the correct bank. With the UK implementation these elements are well defined within a centralised infrastructure but this is not the case in Europe where banks can individually define their own standards.
With the basic Open Banking process we thus have a process that is inherently secure and, as an aside, can get cleared funds to the merchant in a matter of seconds. The security aspects themselves, though, give rise to their own problems. For example, take the case where the merchant needs to make a refund to their customer for whatever reason. By design the merchant does not know the account details of their customer and thus has no way to initiate a refund.
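The payment flow and the refund gap described above, as an added sketch that is not Nuapay's or any bank's code: a toy merchant and bank exchange the request and the status message, and the merchant's stored record ends up holding no payer credentials or account. All class, field and status names and the sample values are hypothetical.

```python
import secrets
from dataclasses import dataclass, asdict
# All names and values are constructed for illustration; this is not a real bank API.
@dataclass(frozen=True)
class PaymentRequest:              # merchant -> bank
    payment_id: str
    payee_name: str
    payee_account: str             # merchant's own account; funds are pushed here
    amount_gbp: str

@dataclass(frozen=True)
class StatusMessage:               # bank -> merchant
    payment_id: str
    status: str

class Bank:
    def __init__(self, name, customers):
        self.name = name
        self._customers = customers    # login -> (password, account); never leaves the bank
        self._pending = {}
    def receive_request(self, req):
        self._pending[req.payment_id] = req
    def customer_confirms(self, payment_id, login, password, approve=True):
        self._pending.pop(payment_id)  # a request can be decided only once
        stored = self._customers.get(login)
        if stored is None or not secrets.compare_digest(stored[0], password):
            return StatusMessage(payment_id, "REJECTED_AUTH_FAILED")
        return StatusMessage(payment_id, "INITIATED" if approve else "REJECTED_BY_CUSTOMER")

class Merchant:
    def __init__(self, name, account):
        self.name, self.account = name, account
        self.orders = {}               # everything the merchant ever stores
    def start_payment(self, bank, amount_gbp):
        req = PaymentRequest(secrets.token_hex(8), self.name, self.account, amount_gbp)
        self.orders[req.payment_id] = {"bank": bank.name, "status": "PENDING", **asdict(req)}
        bank.receive_request(req)
        return req.payment_id
    def on_status(self, msg):
        self.orders[msg.payment_id]["status"] = msg.status
    def refund_destination(self, payment_id):  # payer account was never disclosed
        return self.orders[payment_id].get("payer_account")

def demo():
    bank = Bank("Example Bank", {"alice": ("correct horse", "GB00-CONSTRUCTED-0001")})
    shop = Merchant("Example Shop", "GB00-CONSTRUCTED-9999")
    pid = shop.start_payment(bank, "25.00")
    shop.on_status(bank.customer_confirms(pid, "alice", "correct horse"))
    return shop, pid
```

After demo() the merchant's record contains only the bank name, its own payee details, the amount and the status, and refund_destination() returns None because the payer's account never reached the merchant.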
Implementing Open Banking can also become an issue for the merchant. Now all payments received will appear in statement data available from a bank. This data will be available electronically but the connection is unlikely to be one the merchant is familiar with, at least in this context. Further the format of the data will be unfamiliar to the merchant.
Unlike with other payment channels a merchant is likely to offer, the payments will be received as individual items in the merchant’s bank account. For the privilege of receiving these payments the merchant’s bank will levy a charge for each transaction received. For smaller merchants these charges can be quite high, confounding one of the target ambitions of using Open Banking.
Nuapay, part of the Sentenial group of companies, is a licenced Payment Institution and provides payment and associated services to businesses of all sizes as well as supporting major banks, PSPs and merchant acquirers. Its platforms process over €42 billion each year.
Nuapay has implemented a cloud based service that delivers the benefits of Open Banking based payments and at the same time resolves the shortfalls exhibited by the base scheme.
From a PISP perspective Nuapay is licenced to deliver all Open Banking functionality within the EEA and as a part of this takes responsibility for establishing the routing and procedures required to give the merchant reachability to paying banks in this region.
To cover the gaps in the functionality provided by the base implementation, Nuapay exploits its capabilities as a Payment Institution by routing the payments into an account it manages. Having access to data from the interbank payment clearing system allows Nuapay to provide simple to use refund procedures, alerts for failed payments and an auto reconciliation process. Merchant funds received this way can be transferred to any external account at frequencies that suit the merchant.
As Nuapay processes high volumes of transactions it can offer very competitive rates for processing the payment. This aspect not only benefits the merchant but also lets Nuapay quote a total end-to-end price for the service. This contrasts with the position where the money is paid directly to the merchant’s account, as here the service provider has no control over this element of the merchant’s costs.
In common with all Nuapay offerings the service can be delivered by Nuapay itself or can be white labelled by PSPs or acquirers where the service can be provided in a way that mirrors those used for other payment channels delivered to merchants.
At present Nuapay is live in the UK market. This is possible as the UK Government mandated the introduction of Open Banking some time ahead of the rest of Europe.
All banks in the EEA will have to provide the necessary interfacing capabilities by September 2019. As these banks become live, Nuapay will extend its reach, matching the availability.
Looking further afield, the concept of Open Banking is becoming a global trend. Most developed economies either have or are planning Open Banking procedures; it is thus thought that the benefits of paying this way will develop into a global norm.
Have you thought about what impact Open Banking will have on your payment strategy?
If you would like to learn how other companies are dealing with challenges like yours in a secure and flexible way, we would be happy to schedule a call. We could also talk a bit more about your challenges and opportunities to determine whether or not we might be able to offer some help to future-proof your payment strategy. Discover how we can help shape your business strategy to optimize your payment process by booking your free consultation now.
Nuapay is a pioneer of Open Banking and is the industry’s leading provider of Account-2-Account payment solutions. Building upon the trust, scale, and experience of our parent company Sentenial, who securely process over €42bn every year as an outsourcing provider to many of the world’s leading banks, we have continually worked tirelessly to reinvent what’s possible from a modern banking and payment solution.
Today, we offer partners all around Europe the world a fully comprehensive, integrated payment solution that removes all traditional banking inefficiencies and unnecessary costs, saving you time, money and resources at every turn. This is banking as it should be.