The EFA welcomes and fully supports the Commission’s plans to put forward a legislative initiative on instant payments to promote adherence to SCT Inst. Legislation is necessary to further accelerate the uptake and roll-out of instant payments in the EU, as current industry effort has not been sufficient enough. In view of the upcoming legislative proposal on Instant Payments, the European FinTech Association (EFA) would like to feed into the ongoing Commission’s work on the legislative initiative and draw the Commission’s attention to the following issues.
You can find the full EFA’s position in PDF here.
Mandatory Adherence to SCT Inst
- If instant payments are to become the “new norm” then the availability for users to both receive and send instant payments needs to be near ubiquitous.
- Large PSPs should be mandated to adhere to SCT Inst to ensure the required critical mass for instant payment uptake.
- Some proportionality, for example, in the form of longer implementation deadlines or two-stage sequencing, could be introduced for smaller PSPs.
The EFA observes with concern that only 33% of commercial banks in the SCT scheme have adhered to SCT Inst. Although the EFA acknowledges that there is no ‘one size fits all’ prescription for instant payments implementation, the Commission should draw lessons from countries that have been successful in attaining what the Commission is working towards: a viable and universal instant payment method that adds convenience for consumers, lowers costs for merchants, and increases financial inclusion. Any potential exemptions considered in the “negative scope” cannot run counter to this ambition of universal coverage.
At a minimum, larger PSPs such as commercial banks should be mandated to implement appropriate standards of end-user access to SCT Inst. It is crucial for the ambitions of the Commission that the largest retail PSPs are mandated to join so that adoption by consumers and merchants attains the required critical mass for instant payments to become a viable alternative payment method. Larger PSPs have the resources to facilitate transition into instant payments more easily than smaller scale providers. As such, these PSPs should be required to both send and receive instant payments in a shorter deadline than smaller PSPs to whom the two-stage sequencing possibility could be offered. Offering the universal possibility of delaying the offering of sending instant payments will only further hamper the uptake of Instant Payments which requires universal coverage on both ends of the payments value chain. It is worth noting that countries with high uptake of instant payments, such as Hungary and the United Kingdom, have made it – explicitly or implicitly – mandatory for PSPs to adhere to their respective instant payment schemes.
The EFA acknowledges that PSPs with niche business models in which for users both on the sending and receiving end of a payment do not put a high value on its instant debiting and crediting of funds could be subject to a lighter touch mandate. Additionally, we also believe that smaller PSPs could be given a larger period to transition to an instant payments offering so that the necessary investment costs do not stunt their growth, given they have less resources to quickly abide by a mandate to adhere to SCT Inst.
Although the EFA acknowledges that there is no one size fits all prescription for instant payments implementation, especially considering the multi-jurisdictional nature of the EU, the Commission should draw lessons from countries that have been successful in attaining what it is working towards: a viable and universal instant payment method that adds convenience for consumers, lowers costs for merchants, and increases financial inclusion.
- For example, in Brazil’s instant payments success story (Pix), commercial banks with over 500,000 active accounts were mandated by the Central Bank not only to adhere to Pix but also to integrate Pix in their online banking and app offerings in equal conditions to other payment methods. This latter mandate is what enabled Pix to become near-ubiquitous in less than a year, bringing cost savings for financial institutions, consumers, and merchants, while promoting financial inclusion. The Pix rulebook requires that the participants offer the end-user — through a safe, simple, and intuitive experience — a convenient way to carry Pix’s transactions: initiation, reception, return, end-user authentication; as well as Pix alias’s registration, deletion, portability, and ownership claim.
Fees and pricing of instant payment transfers
- The transactional fees for euro instant and regular credit transfer should be equal.
If instant payments are to become the ‘new norm’, they should not be more expensive/offered at a premium cost in the short term compared to regular credit transfers, as it would curb their adoption. Processing costs of instant credit transfers will go down with scale as adoption grows. As Milne (2006) argued, a shared payment infrastructure is a public good from a PSP’s perspective which creates incentives that lead to under-provision. As such, left to their own pricing decisions, PSPs will charge a premium for instant credit transfers. Despite appearing as the rational decision from an individual standpoint, this might lead to a socially suboptimal outcome since it curbs adoption, which is the key factor to the PSP’s investment decision.
For instance, when SEPA regulation was first introduced, cross-border payments were more expensive to process than domestic transfers, but the equalisation of fees accelerated the uptake of cross-border transactions that made them less expensive for PSPs to process. We believe that the same equalisation approach should be taken for instant credit transfers.
IBAN verification, consumer protections measures
- Payment certainty is a key feature of (push) credit transfers and one of the main drivers to ensure merchant take-up. Where further measures to improve protection and security are needed, they should be implemented in a way that does not create unnecessary obstacles in the payment flow.
- Confirmation of payee should not apply when the payee is known to the PSP in the payment process.
- Further data sharing should be possible in a fraud-mitigation context.
The EFA believes that verification should be done by the payer as he is the one who runs the risk of incorrectly inputted IBAN information. In case of a mistake, the payee has the incentives to accept funds regardless of the source. The method chosen to ensure that the payer’s PSP has access to the information should be the most convenient, fastest and safest in terms of data protection.
The success of instant payments for retail payments will not just depend on being “free to the payer”, but also on being “final to the payee”. Payment certainty is one of the key features of (push) credit transfers and one of the main drivers to ensure merchant take-up. Given the track record of SCT-based Retail Payments (e.g. iDEAL, Sofort, Trustly, giropay, eps, MyBank, etc.), there is no apparent need for card-legacy style chargebacks or UK-CoP (Confirmation of Payee)-style protection measures. Where further measures to improve protection and security are needed, they should be implemented in a way that does not create unnecessary obstacles in the payment flow.
For example, CoP can provide greater assurance to consumers that their payments are going to the intended recipient. However, CoP should not apply when the payee is already known to any PSP in the payment process. Any buyer protection above the legal standard should remain a commercial activity, allowing competition and the possibility to use superior technology in providing higher protection at a lower cost. Additional legal protection can be added, e.g. via delegated acts, if and when required, but not before.
- The experience from some of our Members implementing the Confirmation of Payee (CoP), the UK’s version of IBAN verification, shows that it has been a useful tool to reduce the number of misdirected payments. However, an increase in social engineering undoes some of the benefits CoP has to offer, which could be addressed by increased data sharing in an industry forum to learn from other institutions’ best practices. With CoP, the responsibility lies with the sending institution, which is short-sighted. There should be a fair exchange of information, as this would allow both the sending and receiving institutions to make judgement calls on slowing down payments. For example, Payments Authority Pay.UK is looking to introduce another API which will include an enhanced fraud model to address some of those issues, but other jurisdictions looking to implement similar account checks could make sure these issues are avoided from the start. Throughout the implementation of CoP, our Members had to conclude that onboarding with different banks individually was the most problematic part as this required a bank-by-bank approach, which would be highly inefficient on a pan-European scale. Having learned from the UK CoP experience, we would highly recommend a centralised approach (either via a central API or database).
Furthermore, in the EU, GDPR – or data protection more broadly – issues are being raised as one of the reasons we should not look at IBAN verification. For some industry players, it’s unclear whether the interplay between fraud data sharing and GDPR would allow for a service like this to be implemented. The EFA would encourage the Commission to proactively come out to support data sharing in a fraud context, which will benefit consumers greatly.