Community

OK I get the point that the scammers are very good at what they do, they sound very credible and trick consumers. Reimbursement is indeed patchy when the originating bank questions what more the consumer could/should have dome. However the new UK Fraud Strategy published yesterday makes no reference to pursuing the financial institution that set up the receiving account, the £60k in this news item. We are not punishing banks with poor AML/KYC checks. Follow the money.

So which organisation is Which? suggesting should reimburse the cardholder who was the subject of an APP fraud scam? The bank that hosts the customer's account from which the monies were taken with the cardholder's agreement, or the financial institution who opended the account that receievd the fraudulent funds, i.e. the fraudster. The challenge is we are not preventing APP scam issues, we are just shifting liability from a customer who was "tricked' to their own bank.

Regretably, we have recognised the potential for adverse impact on both merchants and card users as the result of SCA and EMV3DS2.x. Different scheme approaches, different timelines, complex rules and technical requirements, unanswered questions put to the EBA and still managing signficant uncertainty on rules, specifications and technology options. This was supposed to drive greater security, convenience, transparency and user confidence. What have we let loose on payments in Europe?

Common sense is eventually being applied here, albeit very late in the day. SCA is very complex, its implementation across so many stakeholders needs to be viewed as not dissmaliar to the historic national implementation of chip and PIN across Europe. The specifications, guidance and clarification of implementation requirements have been slow in delivery and refinement. It requires the partipcaption, engagement of and communication to all stakeholders. Further to earlier comments and observations, the UK is definitely not alone in flagging these SCA related concerns, all European markets are having similar discussions on "are we really going to be ready by 14/09/19, when will we realistically be ready, what needs to happen, what needs to be communicated and to whom". The real implications of poor understanding, not being ready and the threat of penalties for non-compliance would have significant negative imapct on merchants and consumers as the end users  - not just issuers and acquirers. It has taken strong industry pressure to get UK Finance and FCA to recognise that we collectively are not ready but must have a realistic plan on readiness and compliance with EBA requirements. A suggested delay of 18 months to compliance enforcement will enable stakeholders more time to implement. However, ongoing monitoring and pressure will be critical to ensure parties do not leave everything to the last minute. There will be no more delays. The proposed delay in enforcement after 14/09/19 must be used to ensure that we continue to focus on reducing fraud, educating merchants and consumers and getting the implementation right to minimise adverse impact for merchants and consumers.

Though I welcome the thought that we really are moving to a cashles society, I do believe that the 2020 estimate is a little ambitous. However, on the basis that the round £1 coin loses its legal tender status later this year (October) and I believe many unattended payment kisoks are unable to accept the new £1 coin, what a surprise, I could and hope to be proven wrong. 

Contactless, at least in the UK and Europe, was seen as a way of penetrating lower ticket value items, but the desire seems to be to push the limit ever up. Why would issuers want to simply cannabalise their existing card volumes with contactless? The whole challenge is to increase the size of the pie in terms of card usage, displace other payment methods first, make top of card etc. etc. Agree that education is critical here, for both merchants and consumers. Ignorance and misunderstanding are still common. With scheme mandates for contactless-enabled devices we should see an improved national picture on contactless and not one skewed to the south east and especially not one skewed by Transport for London.

Agree. The discussion is being deliberately confused and clouded to meet other business drivers from key stakeholders. Why would you install a security door and not draw the bolt. EMV chip alone gives you counterfeit protection, and this is critical where fraud is meerily mag stripe-read and issuer-authorised. EMV chip supports offline and online authorisation, based on parameters set by the issuer and acquirer. So it will go online in the US. No problem. Signature is broken and has been for as long as I have been in payments. It is like no CVM at all, which is also a common even preferred option in the US. That said, PIN verification, whether on or offline, gives you far superior lost/stolen protection, where the fraud will migrate to. Consumers are not daft, they can remember a PIN, theres just a lot of credit card holders in the US to educate. Is PIN as a CVM fall-proof? Not 100%. Cardholders forget that "PIN" standards for Personal Identification Number, you are supposed to keep it secret. As seen elesewhere, there will be more spam emails, shoulder surfing, PIN compromise attempts at ATMs/POS, illicit cameras, etc. There will be concerted attempts to compromise hardware, software, security standards, certification, even the manufacturing process, etc. We have learnt a lot as an industry over the past 20+ years, lets share and use it wisely. There are still plenty of other weak spots in the payment process. The challenge is you manage risk through a layered solution approach, EMV chip and enhanced CVM options is just another example of that.

So significant reduction in costs to be realised by merchants, with no guarantee that these benefits will be passed onto the consumer. Other market developments demonstrate this. Reduction in interchange and loss of revenue to card issuers begs the following questions, where and how will issuers make up at least some of the difference/shortfall - from the customer? What will happen to innovation? Is there sufficient bandwidth in these rates to incentivise security and innovation best practices? As acquirers are increasingly more transparent and interchange becomes a lower figure as a value, will it not just highlight their own ineffiencies by exposing acquirer processing costs? Is it true that only large merchants understand the ramifications of interchange reductions, therefore smaller merchants will continue to subsidise? It is worth noting that as it stands today, Visa debit rates in the UK are temporarily higher than previously, before they are reduced again.