A wide variety of solutions are available

Solutions based on instant payment are very different from one PSP to another, whether in terms of the type of customer – company, retailer, individual or even bank – or in terms of the type of solution proposed.

Let’s take the case of ACI Worldwide, for example. This PSP has made the decision to support banks and financial institutions in the development of their instant payment offerings. As such, it offers “a single solution that can connect to multiple instant payment systems worldwide, such as EBA RT1, ECB TIPS, STET, NL Equens, UK Faster Payments, Hungary Giro HCT Inst, US TCH; US Zelle, UPI India, Singapore FAST, Australia NPP and Malaysia RPP.”

But its offer is not limited to simple connectivity to these systems. It offers a series of business packs, such as a liquidity management module to provide control and reporting of the liquidity position of the bank with the scheme, a business intelligence module to perform real-time queries on payments and run reports, and even an exception and case handling pack to manage cancelation and return payments as well as manual payment entries. It should also be noted that ACI proposes “an acceptance solution for both proximity and e-commerce aimed at retailers and other PSPs.”

Other stakeholders, such as Ingenico, Market Pay, Bridge (created by Bankin’), Linxo and Fintecture, have a Payment Initiation Service Provider (PISP) license and ultimately wish to offer retailers the combination of SCT Inst and a payment initiation. Ingenico recalls that “online payment will be targeted initially, as this is the easiest scenario to implement at present due to SCA (Strong Customer Authentication) constraints.” Proximity payment will arrive soon afterwards, but probably with limitations linked to the facts that not all banks are yet accepting SCT Inst, some are making their customers pay for it, and strong authentication is not always possible in a proximity context.

The instantaneousness of payments is also a challenge for businesses. In this regard, Market Pay offers its customers “two financing modalities tailored to each retailer’s strategy. In the interest of cash flow or guidance, some wish to be financed as and when, while others prefer a one-time payment of funds, together with the accounting reconciliation report. In all cases, Market Pay sends an instant notification to the retailer as soon as payment is made by a customer. This enables them to start preparing the order without delay.”

Finally, some stakeholders wanted to be part of a different approach and combined, for example, all account-to-account payment methods: direct debit, transfer and instant transfer. SAFEDEBIT, the solution developed by Score & Secure Payment (SSP), belongs to this last category. It can already be used online and in proximity, and SSP specifies the customer journeys envisaged: “In proximity, the retailer/company has the possibility of associating our bank transfer payment system with a physical identification support, such as a brand card. The private payment card is a co-branded card that enables the customer to pay for their purchases within the brand network that issued the card to them. This card provides the possibility of initiating a payment coupled with Instant Payment. Online, the Internet user chooses SAFEDEBIT upon payment. They will be presented with a list of banks, from which they select their bank. The customer will then be directly redirected to their online banking space, identify themselves, and then validate the transaction using the authentication device retained by their bank.” For its part, Serrala is working on request-to-pay following its recent acquisition of AcceptEasy, a Dutch fintech. Created and delivered on-the-fly from an ERP, a CRM or an AR system, request-to-pay must enable the sender to be notified in real time if and when a payment has been successfully initiated. The sender can immediately act accordingly: shipping goods, activating a last minute travel insurance policy or preventing an unwarranted summation or late fee. “Real-time confirmation is essential,” Serrala says.

APIs are essential to the development of payment initiation

In light of these developments, an obstacle remains. “Banking APIs are the big challenge right now. Few can actually be used for payment initiation, although improvements have been made lately. The standards only have the name, so many banks have interpreted the rules of the Payment Services Directive (PSD2) and its specifications in different ways,” says Ingenico. Linxo also follows in this direction and states that “the lack of governance around implementation of the different API formats (such as disparate interpretations, separate enlistment processes and rules) makes it difficult to view them as a mean of normalizing the connection.” As a reminder, PSD2 requires banks to supply APIs in order to enable payment service providers to connect to their systems. Except that the legislator has not specified a standard at the European level. PSPs are, therefore, constrained by the development of these APIs and by the progress of discussions on their standardization.

There is a fragmentation of standards today, and there are a multitude of initiatives in Europe: the Open Banking Standard, the Berlin Group’s NextGenPSD2, the STET’s PSD2 API, and the Polish API standard, to which the technical specificities of each banking stakeholder and some proprietary APIs must be added.

Fintecture says that it has had to “integrate more than 2000 APIs from European banks.” This enormous undertaking enables it to assess the quality of the proposed APIs and, although operational, there is still room for improvement. Fintecture specifically states that “STET has one of the best standards in Europe.”

These uncertainties have a strong impact on PSPs, and some stakeholders like Verifone are still undecided as to the development of their solution. Others recall that, due to the lack of availability of these APIs, they have not yet initiated payments. Some, like SSP, have decided to use a stakeholder with expertise in this area, and have partnered with a company that provides them with an open-banking platform.

Learning from more mature markets to control fraud

When it comes to payment initiation fraud, PSPs indicate that they have not observed any major cases following the implementation of SCT Inst, “but volumes remain moderate,” as Bridge, created by Bankin’, points out. However, the experience of other markets suggests that an instant payment service can be an easy target for fraud, and it is essential that appropriate measures, such as real-time fraud monitoring and detection, be deployed.

ACI states that “there are many types of fraud attacks related to instant payments around the world,” and that “one of the most recent and fast-growing developments is Authorised Push Payment (APP) fraud,” which involves fraudsters tricking their victims into willingly making a bank transfer, via instant payments, to a specific account to which fraudsters have access.”

By learning from more mature markets for real-time payments, such as the UK, data shows that fraudsters react rapidly to counter measures. UK Finance’s latest data illustrates the in behavior. Initial attacks combined phishing technics with the exploitation of relatively weak authentication procedures to access online bank accounts. Phishing attacks peaked in the UK in 2012 as UK banks implemented stronger and more effective authentication strategies. From 2012, fraudulent attacks rapidly shifted towards APP fraud and more sophisticated social engineering strategies, exploiting vulnerabilities across all channels. However, 90% of the fraud is committed over digital channels, with 93% of fraudulent transfers going over the UK Faster Payments network.

A solution involving heavy investment

For PSPs, investments in an instant payment solution can be structured around three main categories. First, compliance with the PSD2 European Directive. Prior to starting activities, it is necessary to obtain approval from the banking supervisor (ACPR – Autorité de contrôle prudentiel et de résolution in France) in order to carry out the payment services. Then, connection to the interbank systems. The solution must be connected to a real-time clearing infrastructure and/or an open-banking platform. Finally, the development of in-store and online e-banking application software. Integration with the retailer’s/company’s e-banking application software, in-store (payment terminal checkout software, etc.) and online (CMS, PSP, etc.) must be planned. Bridge points out that these investments can “represent several tens of millions of euros.”

In conclusion, all PSPs agree that in order to encourage the general public to adopt SCT Inst, it is essential that, in the future, the cost of payment initiation rely on the retailer, not on the private individual. However, some banks charge their private individual customers between €0.50 and €1 for this service, and this represents yet another obstacle to the development of instant transfer.

Read our new Payments Report – Shifting to faster payments

Redbridge’s 2020 Payment Report is a source for trends and insights into today’s dynamic payments environment. This second edition presents how various stakeholders position themselves in the payments industry and explores topics related to innovative payments, instant payments, e-commerce and fraud mitigation.

Contributions from treasury practitioners, bankers, payment service providers and vendors are coupled  with in-depth analysis from our treasury consultants.