Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Payments
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Could regulation changes drive the adoption of mobile payments on all channels?

Recently on the BBC consumers affairs program highlighted complaints being raised by small UK retailers of the costs from transactions where card details are reported lost or stolen after the transaction.  These customer not present transactions are authorised when the transaction is made but are later recalled by a process is known as a 'Charge Back' by the issuer of the card. 

The total costs to small business are estimated at £22 billion in fraud and lost sales. (http://www.discoverretail.co.uk/fraud-costs-uk-small-firms-22bn-a-year)  

These issues have been known for over a decade as shown in this article written in 2003 -http://www.out-law.com/page-406.

This article reviews the options available to the UK regulatory bodies to protect both retailers and card holders paying for items or services remotely.

When retailers experience a transaction 'Charge Back' after the card is reported stolen by the issuer to the scheme.  The retailer usually has to return the funds and incurs the processing costs as well as the loss of the goods from the sale and potentially increased fees for payments in the future.  ‘Card / Customer not present’ transactions can be protected from stolen card chargebacks by ecommerce retailers implementing card scheme protocols referred to as '3-D Secure' on their e-commerce sites.  This protects some e-commerce retailers but not generally the small retailer. 

In the UK Customer not present retailers (e-commerce, m-commerce, mail order and telephone order) are further protected with the use of Address / Post Code verification.  This is not available for international card transactions or in non UK markets.  Therefore some retailers and specific transactions types are not protected as well as being more vulnerable to fraud.  

A card payment transaction can be simplified into two processes. The first process is the 'Authorisation' when funds are reserved / marked against the payment account. The second process is the 'Funds transfer' when the funds are moved from the card account to the retailers account minus the fees imposed by the payment companies involved. The 'authorisation' process is usually conducted when the payment details are received by the retailer and the second process initiated by the retailer at a later time.

One approach for regulators could be to protect retailers by preventing a 'Charge Back' if the card is reported stolen after a successful online 'Authorisation'.  This option is unsuitable as it creates a significant risk of retailers colluding with fraudsters to accept transactions using cards that are stolen.  Thus creating another fraud problem rather than resolving the issue.

A different approach would be for regulators to protect retailers by preventing a 'Charge Back' if the card is reported stolen after the 'Funds transfer' process has completed.  This would provide an opportunity for card issuers and other parties to review the transactions and if necessary take extra steps to reduce the transaction risks after authorisation but prior the funds being transferred.

This option would appears a more suitable option for national regulation and it could be applied to Faster Payment / ACH transaction types as well.  Some methods are available for issuers to contact the customer to confirm the transaction was performed by their card holder.  

Regulators could go further and mandate that issuers protect customers by requiring them to verify customer not present transactions prior to the funds being transferred.  The mandating customer verification of an e-commerce transaction during the authorisation process was the original model for 3-D secure.  This model proved difficult to implement with the card holders dropping out of transactions and not being unsuitable for all the different customer not present channels for transactions.  For example if the transaction is being performed via a voice telephone call then asking for authentication data may create a processes that would not be acceptable to any of the parties involved.

There are now feasible options that could be implemented by card issuers.  Tickvantage has created a process that provides out of band transaction notification and optional customer verification prior to funds transfer process for all GSM mobile devices.

We are also seeing in the US through Apple Pay in app purchasing the use of a fingerprint verification helps with some transaction types but is not suitable for all types of Customer not present transactions.

The issue facing the payments industry is that without a mandates from regulators the status quo will remain.  This is because the card transaction risks and costs for lost or stolen chargebacks are taken by retailers.  This is often seen as a cost of doing business but is in fact a barrier to completion.  This barrier is that the retailer market is reduced only to those prepared to take the risk.  It also increases the costs of goods and services as these fraud costs have to be factored into the retail costs of items.

In a similar way for the UK the use of FasterPayments, PAYm and the ZAP are currently constrained due to the risks associated with the payments.  One risk relates to the retailer being genuine or recipient of the funds being correct.  Therefore, a process where the identity of the person being paid is identified, validated and presented back to the person sending the funds for payments.

Tickvantage provides this and could enable the classic payment terminal to be dematerialised in the future for all payments.

The role of regulation in disrupting the status quo of payments cannot be understated in helping the payment industry innovate and develop further. 

I hope to have presented why if retailers are protected from stolen card details once funds are transferred issuers are more likely to notify the customer and verify the transaction prior to releasing the funds.  Similarly I hope to have presented the advantages this type of transaction notification and verification could aid the development of more advanced retail payments in the near future.

In several years we could be looking back wondering why we still have payment terminals and cards when we get a notification for each transaction and verify transactions simply, conveniently and securely over our mobile phones.

 

2486

Channels

Payments
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (1)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 02 March, 2015, 15:40Be the first to give this comment the thumbs up 0 likes

I won't be wondering why. We have cards and payment terminals because the entire infrastructure required to handle the transaction is centered around the retailer / acquirer bank, with the TELCO playing a mere plumbing role, at which most of them are good. Take away the cards and terminals, the success of transaction will depend upon the MNO's ability to put through a round trip message in near real time, with a queue waiting behind the customer. From my experience at various store locations, that's simply not going to happen for the forseeable future, given any MNO's inability to navigate through congestion, blindzones and other dynamic variables.

Report abuse
Join the discussion
Anthony Pickup

Anthony Pickup

Consultant

Capgemini Invent

Member since

23 May 2014

Location

Manchester

Blog posts

15

Comments

12

More from Anthony

Now hiring

See more