Could Cardless Payments using PISP be the future of transactions?
The way organisations take payment today is about to change, cardless payments are set to become an even larger part of the transaction landscape, especially when using PISP services.
Seismic movements in financial regulation have set consumers on a path to manage their bank accounts and pay businesses in ways unthought of just a few years ago.
Debit and credit card payments are storming ahead of cash, in fact in the UK just in January 2020 there were 1.6 billion transactions on debit cards alone, over 35,000 payments a minute. Unfortunately fraud has grown too and the cost inevitably falls to the merchants receiving payment.
Many people are unaware still today of the cost to a company of receiving payment by card.
Over the past decade governments around the world have been working to increase competition and improve security in the financial sector.
The European legislation (adopted by the UK) that came into force on 14th September 2019 not only reduces fraud as well as monopolisation of consumer accounts, but whether intentionally or not, it is set to change the way payments are taken by organisations worldwide.
Todays cardless payments
Today the majority consumers in the UK pay by debit card. Second up is cash, and third is credit card. Cardless payments made by digital wallets and apps on phones and smartwatches are also becoming much more popular with the convenience of accessible technology.
We are all familiar with the process of taking our card out, tapping it against a terminal for a contactless transaction, or using chip and pin for a more secure one. We also make payments online, typing our card information into a web form when checking out, or paying over the phone by reading out our card details to the operator, although lately, with products like PayGuard®, you type your card details into your telephone keypad to improve security and compliance.
All the above a pretty convenient right? Well, for the consumer they are. For the merchant taking the money, they aren’t.
First of all organisations taking card payments pay a lot of money to do so. The amount ranges based on the company that supplies the payment facility, the type of cards payments are taken from, the volume of transactions processed each month and the risk posed to fraudulent transactions and chargebacks.
Then there is the Payment Card Industry Security Standards Council, that imposes a Data Security Standard that every merchant must comply with, in order to combat fraud and secure their customers’ sensitive card information. The cost of complying with this is not insignificant, and neither is the risk of non-compliance. Despite the PCI DSS, card fraud is still on the rise, with over 2.5 million fraudulent transactions in the UK in 2018.
And let us not forget timing. While as a consumer we consider payment is made the instant we are told ‘your transaction has gone through’, payment is often received by the merchant days after the card transaction is processed.
But, despite these difficulties, organisations are taking payments by card more than any other method. Well, that is until a challenger arrives. And it looks like one just has.
New legislation has paved the way to help organisations take online and phone payments in a whole new way, including cardless payments.
The Payment Services Directive first raised its head in 2007. A second version, PSD2, came into effect on the 14th September 2019, and three areas within it are set to challenge the status quo.
Strong Customer Authentication
The first is Strong Customer Authentication (SCA), which is set to combat card fraud for Cardholder Not Present (or CNP) transactions. This will require single electronic payment transactions to be authenticated by at least two of the three following methods:
- Knowledge: something only the consumer knows, such as a password.
- Possession: something only the consumer possesses, such as a token or mobile phone.
- Inherence: something the consumer is, such as a biometric element (e.g. fingerprint).
While any initiative to tackle fraud should be welcomes, businesses that rely on a friction-free checkout process will find that their conversion drops, and unfortunately this could impact them more than fraud does.
Also, fraud will shift to transactions taken over the phone, as these become the least secure, and this will require organisations to either give up on phone payments harming their revenue, or comply with the PCI DSS which an overwhelming majority currently do not, despite the requirement to do so.
The birth of the AISP and PISP
The PSD2 also encapsulates the framework, often referred to as Open Banking, for two important new service providers:
- Account Information Service Providers (AISP).
- Payment Initiation Service Providers (PISP).
Our bank account transaction information can now be accessed by any company that has the technical capacity to access it, and that has our authorisation to do so, using the account information service framework.
You may have experienced this is practise, with your bank offering to show you transactions from any other bank account you may hold, or your accounting software offering a ‘bank feed’, to automatically import your transactions.
A plethora of financial technology companies have jumped on this and created some really useful apps to help you, for example, identify yourself to third parties, manage your money better or invest in the markets.
This is where it really gets interesting for organisations taking payment online or over the phone.
A PISP is allowed, using technology, to initiate a payment from a customer’s bank account to the organisations bank account. In order to complete the transaction, the customer simply logs in, and confirms, the transaction. In order words, the customer completes a process that, for most people, is akin to paying by card.
For an organisation to receive payment in this way it costs them in the ballpark of half the price than it would if they received payment by card. Considering this comes of the top line of a company’s revenue, this is a significant saving.
Secondly, these transactions are authenticated by the customer as the customer must effectively login to their bank account, either online or through their smartphone app, and this means than it makes fraud extremely difficult.
Because the payment is not processed using the card framework, chargebacks are not possible. Furthermore, the payments are made using the Faster Payments scheme, meaning that the money is received by the organisation in under two hours, and typically within 10 seconds.
PayGuard® is an example of a technology company adopting the AISP and PISP framework to benefit businesses of all sizes by enabling them to get paid immediately, at a low cost, while reducing fraud. More information on our pricing and packages can be found here
What’s next for cardless payments?
Initially, adoption of the Open Banking framework which encompasses AISP and PISP services is likely to be with companies that pay high rates on card transactions, organisations that are unable to obtain reasonable merchant facilities, and early adopters of technology.
Sooner after, as awareness grows, more and more companies will acquire the capability to take Open Banking payments through apps like PayGuard®, especially considering the ease of integration and deployment.
The benefits for the merchants are clear and this offers organisations a strong reason to drive the adoption of this payment method.
With the introduction of SCA the process for the consumer of paying by Open Banking, or Cardless Payment, is set to become simpler that paying online by card.
Already biometric technology like fingerprint and facial recognition is commonplace in any new smartphone, and with ‘silver swipers’, those aged 55 to 75 being the fastest-growing adopters of smartphones making accessing your bank account as easy as looking at your phone.
Cardless Payments using PISP services are a genuine contender to replace the debit or credit card as the method of choice on many transactions.