Published on 7th January 2023
Our recent research paper on Britcoin examined several of the failures in the digital payments industry that have gone unresolved.
The paper is entitled ‘CAPTURE – BigTech and Digital Payment Giants dominate the committees evaluating the replacement of physical cash with ‘Britcoin’ – a UK ‘Central Bank Digital Currency’’.
You can find a click-through to the full paper here:
The new digital nirvana called Open Banking turns out to have fostered Authorised Push Payment Fraud, and not just because one type of Open Banking intermediary – called a Payment Initiation Service Provider or PISP – enables the fraudster, obtaining the customer’s credentials for their relationship with the PISP, to empty all of the customer’s current accounts in one go. That version was discussed in my other blog as well as in the major paper:
It now turns out that the other type of Open Banking intermediary – an Account Information Service Provider or AISP – is also contributing to fraud even though it is meant only to aggregate statements from a customer’s different banks.
AISPs are selling on the customer statements they collect to third-parties.
The immediate third-party may not be a scammer, but there is now a marketplace in this data, and eventually some of it comes into the possession of a scammer. The scammer is then able to contact the account-owner posing as their bank and the account-owner is all the more likely to believe the scammer if the scammer can recite the details of recent transactions over the account.
Whatever limitations the account-owner believes bind the AISP, either via the General Data Protection Regulation or in their contractual Terms and Conditions with their AISP, are being bypassed so that the AISPs can earn money. There is limited revenue to be had from providing the core service, and the AISPs’ venture capital investors are getting increasingly demanding, so the crown jewels – customers’ bank account statements – are being sold on.
The other major problem area in digital payments – felt in the first instance by retailers – is the deductions-from-face-value on card payments. Retailers receive, through their merchant acquirer and some days later, an amount that is the sale value diminished by several lines of fees. The fees are not limited to the ‘interchange fee’, an element whose size is capped by the EU Interchange Fee Regulation 2015/751 of 29th April 2015 (the IFR). The IFR made it clear that the term ‘interchange fee’ meant any and all fees deducted from the sale proceeds at the level of the merchant acquirer, other than the direct fees of the merchant acquirer itself as negotiated and agreed by the retailer with the merchant acquirer.
The IFR caps the interchange fee at 0.2% for debit card transactions and 0.3% for credit card transactions. The deductions experienced by UK merchants are normally in a range between 3-8% with a minimum deduction in a range of £0.35-0.70. The aim of the IFR was to avoid (i) the false subsidy enjoyed by card payment actors due to their fees not being transparent and negotiable; and (ii) the inflationary effect of the deductions whereby retailers increase the price of goods and services to all buyers in order to recoup the fees the retailers suffer when some of their buyers pay by card; and (iii) benefits being made available to cardholders by their card issuers that are paid for by retailers and higher prices for all.
We are miles away from enjoying the IFR’s intended benefits, and the efforts of the digital payments industry to wean users off cash and cheques have increased the usage of cards, increased the deductions-from-face-value, and increased the size of the problem.
These substantial problems imposed on the UK by the digital payments industry must be resolved – and in favour of UK businesses and consumers – before the digital payments industry is permitted to inflict more damage, be that in the form of Britcoin or in an expansion of the scope of Open Banking.
The digital payments industry is lobbying for two increases in the scope of Open Banking: (i) to bring savings accounts within scope, meaning scammers will be able to clear those out as well as your current accounts; and (ii) to introduce Variable Recurring Payments, meaning all sorts of parties will be able to get hold of any money coming into your current and savings accounts before you do, be they car lease companies, HM Revenue & Customs, scammers, credit card companies, utility companies and so on.
The VRP authorization can be understood as a Direct Debit Mandate lacking key safeguards: (i) there is no Direct Debit Guarantee, under which the account-holder has an unconditional right lasting 42 days to get their money back; and (ii) an amount limit: variable is what it says.
That’s the future promised by digital payments: the customer takes all the risks, the industry gets the revenues, and it’s all automatic so the industry has next-to-no costs. The costs fall on wider UK society.