Community

It's clear that payments depend on a few providers.

Managing that risk in the UK is the key challenge to PSR, FCA, Bank of England and Pay.UK.

The €108trillion figure is cashless not contactless (easy slip). €108tn relates to a UK GDP of about €2.5tn. Put it in context, that's €18m of payments per inhabitant of the UK. That's still quite a lot.

I think the mastercard acquisition of Vocalink was very timely and focussed. The Earthport acquisition may be as well, but it relies on  control of remote accounts for the most part and I'm therefore not clear these are rails, more bogeys. In any case, schemes should spend money while they have it, anticipating that the golden years are coming to an end for the cards market.

We should, of course, keep an eye on concentration of risk in a few providers. After the Visa outage last year,it's clear s

Some good points on the PISP interface discussion, but don’t overlook the other end of the transaction. Remember that payments is a two-sided market and it may be that merchants will rewardconsumers (and commercial payers) out of the transaction cost savings. With good fraud prevention, which we expect PSD2 & CMA9 Open Banking to deliver, fraud provision will be small, but other disputes must be handled well-enough if not using card/credit protection. Don’t assume that consumer benefits aren’t there because they’re not being provided by their PSP, and don’t forget that merchants need benefits too.

Bob, that is a good point. There were three directors at formation and as of December 18 2017 a sole director was notified as a person of significant control - Mr Stansbury. That situation has not been notified to Comapnies House as having ceased so we must assume that this is stil the case. 

As Sarah Rutherford, asks  "Even if he's extremely virtuous, what would happen if he were to die? Would Bacs PS Ltd and Faster Payments Ltd become part of his estate?". Indeed. How would those assets get assessed for probate purposes?

Given there is now another director who professes to be a Risk Management specialist, you'd imagine that is a risk he's considered.

In any case I  do, fervently, wish Mr Stansbury well; the alternative is inconceivable.

Extended to all _consumer and SME_ PSD2 products, not into the corporate world yet. Is that because it assumes that the corporate world is well served for open banking interfaces? In any case, PSD2/Payment Services Regulations 2017 makes no distinction in this regard between consumers and legal persons.

One key area of overlap is PSD2 Article 97-1 (c) which covers the need Strong Customer Authentication in the case of a remote action by a payment service user with a risk of payment fraud or other abuse.

This says that in those cases where a PSU is remotely requesting an action from their PSP which might result in abuse, they have to strongly authenticate it's really their customer, as I guess we'd expect.

I think this was designed for things like change of address or re-issue of bank cards but it also applies to data subject access requests under GDPR. I'd vuew this as applying to all remote channels including post and telephone.

So if you do make a request for all your data, rest assured, your bank will know it's you.

The surcharge issue starts to disappear with PSD2/Payment Services Regulations 2017 - legislation trumps scheme rules.

Re: FPS kills Bacs, I seem to remember a statement from a government body that simply said that once Direct Debits moved to FPS, Bacs would no longer have a life. I'm uncertain that any business would pay the per-transaction fees that are charged to businesses for FPS payments, even if they were made in under 15 seconds. 

We shall see whether the new payments architecture can embrace all the use cases. At the moment I don't see the "conditional payment" (where I give a school a cheque for a trip that they cash only if it goes ahead) being met.

Screen scraping is a red herring, but I agree with the EBA. The move to TRA for corporate payments, anonymous payments and removal of references to ISO20022 may be more significant.

@AP, I think customers have a part to play. For example Jeremy Clarkson's decision 10 years ago to publicise his sort code and account number in the belief that people could only make payments to him, resulting in a direct debit falsely set up against that account.

I don't disagree with the other anonymous responder that user experience is also important and security measures which are disproportionate will not gain customer buy-in (my point around incentivisation). 

In the world of e-mail, we continually receive phishing message; does that mean we shouldn't ensure that customers understand the need to be aware of them and implications of not being vigilant?

Education is important but without incentive to act it will only ever be limited in effectiveness. How do we get consumers (and businesses) to care enough about digital security?