The UK’s New Payment System Operator is well adrift of the problems facing UK payment service users (e.g. lack of access to free ATMs, high fees on card payments for merchants, dwindling cash collection services) but it continues to build up its elephantine governance structure, with committees popping up right, left and centre, and sporting impressive-sounding names.
End User Advisory Council, Participant Advisory Council, consultative roundtables on the new products emanating from New Payments Architecture…but very little to actually solve any problems, like Authorised Push Payments Fraud.
One is meant to subscribe to the belief that the new products emanating from New Payments Architecture are actually being demanded by end users. This stretches credibility. It is just too coincidental that these are the same new products that were recommended by the World Class Payments project of Payments UK in 2015, based on their own research and process in 2014.
The sound of end users hammering on banks’ doors to get hold of these new products seems to have been well muffled during the intervening period, whilst on the other hand respect is due to their proponents for guiding them from Payments UK’s World Class Payments project, into and through the Payment Systems Regulator’s Payment Strategy Forum process, and successfully out the other end into NPSO’s New Payments Architecture, and in unchanged form.
Whether this is the right direction for UK payments is another matter.
While all this has been going on, Authorised Push Payments Fraud has been raging unabated, the EU Interchange Fee Regulation has proven to be a dead letter, and cash collection services are being withdrawn along with free-to-use ATMs. And the Visa network went down, and was shown to be using Mastercard’s network for some of its traffic (Source: The Independent), a key departure from a fundamental principle of resilience: different payment networks must be self-contained so as to avoid contagion and single-point-of-failure.
Contagion and single-point-of-failure sit central in New Payments Architecture: all retail payments will clear and settle through one system, the same one as acts as the seedbed for Authorised Push Payments Fraud.
But NPSO has the answer to Authorised Push Payments Fraud, oh yes. It’s one of their new products, called Confirmation of Payee. For extra effort by the payer and probably an extra fee, the banks will then pay the correct payee instead of someone completely different, and of course shift the liability for Authorised Push Payments Fraud squarely onto the payer. That’s World Class, that is, and resilient: the payer won’t have a legal leg to stand on.
Rather than continue to engage with this theatre-of-the-absurd and to try to influence it via NPSO’s beguiling pseudo-consultative processes, our company has decided to go our own way and fashion an alternative vision. Payments is now supposed to be a free market so NPSO is obliged to tolerate a direct competitor to itself. Otherwise it would be a monopoly and that would not be permissible, would it?
We have obtained the funding and support for a design and sense-testing phase for a different way forward, based on the principle of Authorised Pull Payments. This opposes NPSO’s fixation with Authorised Push Payments, and will not have the albatross of ISO20022 XML hanging round its neck.
It will also be incompatible with Open Banking because we set a high value on banking confidentiality, do not believe end users should be encouraged to share their sensitive data with third parties, and do not think it is in end users’ interests to be caught in a triangle where the third party and the account servicing institution can point at one another and leave the end user in the lurch, relying on a payout from some Professional Indemnity Insurance under which they are not named as loss payee. In addition Open Banking has only catered for Authorised Push Payments and is based on unproven contentions of the Competition and Markets Authority and of the European Commission.
Open Banking, defying its name, has also become a component of the NPSO’s market power. The Payment Systems Regulator was established to reduce the supposed nexus of power of the five big banks, exercised in the PSR’s view through Payments UK, Vocalink and the four payment scheme companies (five from the point at which LINK had its own scheme company). In this scenario the payment scheme companies competed against each other to some degree. Open Banking and the ISO20022 Registration Management Group were autonomous or at least quasi-autonomous.
Five banks thus supposedly controlled UK payments at one step removed through seven entities, with some influence over ISO20022 RMG at one further step removed, but without control over Open Banking.
Now two entities exercise dominant market power over UK payments, and these are NPSO and Mastercard, and they control them at no steps removed.
BACS, Faster Payments, Cheque&Credit and UK Payments Administration, ISO20022 RMG and Open Banking are all part of NPSO, a nexus of power based at 2 Thomas More Square in London. NPSO’s plans involve all their payments clearing and settling in Faster Payments, thus reducing or eliminating any competition between the payment schemes. That NPSO belongs to three private individuals rather than the big banks looks like a slippage rather than progress, as the individuals are all NEDdies without any background in payments and are only liable for £1 each. NPSO thus in substance belongs to itself and is an entity with dominant market power over UK payments, ripe for being broken up (whoops – it was only just created).
The other player with dominant market power that has emanated from the actions of the PSR is Mastercard: it is its own regulated payment system and one without a separation of the scheme from its infrastructure, and it runs the infrastructure for LINK, BACS and Faster Payments out of its Vocalink subsidiary.
The PSR’s actions have converted a market supposedly controlled indirectly by five players (the big banks) into a market in which two participants have dominant and direct power. Visa is the only regulated payment system sitting outside this system, when one discounts CHAPS which is now run by its own prudential regulator, the Bank of England, and is not part of the market at all.
This is a market that needs a new player, and one that will address end user detriments as they really are, and not as construed by the Competition and Markets Authority, the European Commission, NPSO, HM Treasury, the Bank of England, the PSR or the Payment Strategy Forum.
As a high priority we aim to clarify – and in a positive way for the end user – that payments fraud is a predicate offence for money laundering. The debate about Authorised Push Payments Fraud has inexplicably overlooked this aspect. A bank handling money that has resulted from such a predicate offence is itself guilty of money laundering. Thus the UK bank that has opened the account that is used by the fraudster must be subject to money laundering sanctions. Let’s not forget that the fraudster has passed that bank’s Know Your Customer onboarding tests.
The specifications of our pull payments services will include that the fraudster, if they have gulled a payer into issuing them with an authorisation for a pull payment, must communicate that authorisation to their bank, and the fraudster’s bank must communicate that to the payer’s bank. The fraudster’s bank is thereby warranting the bona fides of their customer to the payer’s bank and to the payer, and, if the warranty proves to be false, the fraudster’s bank will be liable to the payer in full, and can seek reimbursement from the fraudster as best they can. That will teach them to open accounts for fraudsters. They will also have to put in place a credit line for this right of recourse on the fraudster, compelling them to make a fuller investigation than they would for their non-credit KYC.
That is the benefit of payment services that involve credit risk: they compel the payee’s bank to stand in for their client towards third parties and to carry out proper due diligence on them.
New Payments Architecture is a construct aimed at eliminating credit risk in payments, which is all to the taste of players like eMoney Institutions who are not permitted to extend credit – but why end users should be disadvantaged in order to enable market entry for these challengers is another question that hangs in the air unanswered.
Ours is the polar opposite of NPSO’s direction of travel, and the main objective of our project is to retain and enhance the end user protections that exist today under crossed cheques, the Direct Debit guarantee, and card reclaim in case of merchant non-performance. NPSO’s proposals, on the other hand, threaten to consign those protections to the dustbin. How is that supposed to benefit end users?