New mobile payment systems pose regulatory, security challenges
SPECIAL REPORT / An updated Payment Services Directive (PSD II), to be published by the European Commission this month, will struggle to cover regulatory and security challenges posed by a range of new mobile payments services expected to explode onto the European scene over the next two years.
The new rules form part of the Commission’s broader aim to promote a single European Payments Area (SEPA) and will seek to create a more competitive payments card market that reflects the explosion in the use of online and mobile payments.
According to a draft of the new rules, the EU executive earmarked as a key source of concern “the legal vacuum for certain newly emerged internet service providers, such as third-party service providers offering online banking-based payment initiation”.
This legal vacuum risks impeding innovation and appropriate market access conditions, according to the paper, and the EU executive therefore proposes bringing them within the ambit of the regulation and giving such new operators decision-making powers within a reformed governance structure for SEPA.
Mobile payments take many forms
"Digital wallets" can refer to a wide range of new applications offering simple payment methods to consumers as they gain popularity in Europe.
A key difference distinguishes wallets that act as a software platform to the consumers' existing banking cards and facilities, and those that offer a distinct payments service.
MasterPass and Google Wallet are examples of open systems that enable users to access their banking cards using software.
Google Wallet requires Near Field Communication (NFC) technology, only available on certain smartphones and tablets, but both services allow users to link to their existing cards through their mobile phone to make transactions in shops.
At the moment these services are much more popular in the United States.
Apple’s Passbook, by contrast, enables users to manage movie, concert, airline tickets and loyalty cards, giving users information and time-based notifications on when tickets or coupons are nearing their due date. Unlike Google Wallet and MasterPass, however, users cannot use their debit or credit cards to make transactions.
Paypal offers users with an email address the chance to send and receive payments online, and has also entered the mobile payments market.
New directive covers third-party providers
Although the new PSDII regulation hopes to catch all these new types of payment methods within its regulatory scope, there are doubts about how far innovations might be able to elude the new rules.
“Market-based solutions are the best way to ensure a competitive payments landscape. However, if there is to be legislation it is crucial that all parties operating in the payments space, including third-party [such as Amex and PayPal] and domestic schemes, are included to ensure a true level playing field,” said Jason Lane, who leads MasterCard’s European market development.
But such regulation of digital wallets is only one side of a multifaceted regulatory challenge, with security issues also to the fore.
Dunhill has developed a ‘Biometric Wallet’ so secure the company claims it is “virtually indestructible”. When closed it has a locking mechanism that can only be opened by the owner using a fingerprint scanner on the back of the case. The Biometric Wallet can be linked to a mobile phone and if the phone is more than five metres away from the wallet an alarm sounds.
The danger to digital wallets lies not with pickpockets and thieves but long-distance hackers able to enter online accounts.
In the United States, where mobile payments are more widely used than Europe, mobile phones were targeted in more than 40% of all robberies in New York and 38% of all robberies in Washington last year.
“It’s a simple formula for crime: no password plus instant access to online accounts equals fraud, identity theft and privacy loss,” said Robert Siciliano, chief executive of the security website IDTheftSecurity.com.
The European Payments Council – the decision-making body of the European banking industry whose main task is the development of SEPA – on 2 July published a white paper on mobile wallet payments for stakeholder review over the summer.
The paper is intended to help lay the foundations of a secure ecosystem to enable all payers and payees to make and receive mobile payments across SEPA.
Today, mobile wallets are in the early stages of development. No one knows exactly how the mobile wallet marketplace will evolve in the coming years. Harmonisation and interoperability of systems and security issues will be key to how much trust Europeans place in them.
The Payment Services Directive (PSD) was adopted by the EU in 2007, but an explosion in e-commerce through the internet and the ownership and use of smartphones has taken place since then.
In the meantime the European Commission has conducted a long series of antitrust investigations in the payment card market, targeting in particular Multilateral Interchange Fees (MIFs).
A commitment by the Visa card company to cap its debit card MIFs at 0.20% was made legally-binding in December 2010. But proceedings relating to consumer credit MIFs continued until the company committed to cap its inter-bank credit charges at 0.3% of the value of the transaction in May 2013. Such a cap may thus become legally binding later this year.
Meanwhile the Commission has also been investigating MasterCard, and recently opened new proceedings investigating its inter-bank fees and cross-border acquiring.
>> Read our LinksDossier: Payment Services Directive: The new payments landscape
- July 2013: European Commission expected to put forward legislative proposal for a Payment Services Directive update (PSD II), accompanied by impact assessment report.