The future of payments – a segment in constant flux

There is no doubt that payments as we know them today will change fundamentally. This change requires massive investments but also promises good returns.

The payments sector is undergoing irreversible further development. A clear sign of this is the advance of digital payment methods on the Italian market.

Several trends can be identified at the same time. These include automated payments, digitised commerce, PSD3, instant credit transfers (which should soon be standard), including for cross-border payments, RTP and the management of data flows using artificial intelligence, which will become possible with the move to the ISO 20022 payments standard.

In view of the constant development of the market, a change in strategy is likely in the coming years, which will result in a reorganisation of previous business plans.

Market players are often unprepared for a change of such magnitude, which requires investments as well as skills.

It is therefore not surprising that instead of a consolidation of platforms, an increasing fragmentation can be observed. This is probably due to the fact that the various domestic payment methods, other than the direct debit procedure RID (an Italian payment method based on a standing direct debit mandate, where the instructions given by a specific creditor are executed) which has now been replaced by SDD, such as ICI or MAV (a payment method by means of a payment notification containing the information required to reconcile the payment) and RiBA (a payment method where the creditor's claim to receive a payment is acknowledged) are outside the SEPA system.

While SCT procedures have undergone technological modernisation, many platforms in the commercial portfolio of the largest financial institutions are still in mainframes because they were developed according to the traditional Cobol/CICS/DB2 paradigms.

High-value payments are also in many cases located on the existing, and to that extent not yet abolished, credit transfer platforms; similar to more recent projects such as the TARGET2 consolidation and the evolution of cross-border payments from FIN messages to the MX standard, which take advantage of the converters. This further increases the fragmentation at the application and architecture level.

In such an environment, consolidating platforms within a payment hub can only have a positive impact on system operating costs, the amount of investments required for the development and, last but not least, the lead times for system releases subject to regulatory compliance.

The desired consolidation could also be promoted by the introduction of the new payments procedure Request to Pay within the SEPA scheme, which could be a natural evolution of national payment services such as RiBA and MAV. But we are not yet at that point. It remains to be seen how the Comitato Pagamenti Italia will position itself on this.

Authors: Federico Sajeva, Marinella Pistone, Alessia Giani

Read more

Directory service for Operational EPC Scheme Management

The use of application programming interfaces (API) has created new challenges related to the reachability between participants especially in the context of the SEPA Payment Account Access and the SEPA Request to Pay schemes. Participants must be confident that they are adhering to the scheme and are properly registered with the EPC:

• On the “sending” side, a participant needs to know what the endpoint (URL) of the “receiving” participant is.
• On the “receiving” side, a participant needs certainty that the sender (API caller, originating participant) is trusted.

Therefore, the role of OSM ¹ is to operate a Directory Service for the EPC schemes and make more data available to participants: the URLs, or endpoints of scheme participants’ APIs, identification and authentication information, but also information on which function participants are performing or which functionalities they are offering, within a specific scheme.

Currently the EPC does not manage data and mechanisms ensuring reachability of participants among each other, i.e. how the participants are to find and connect to each other for the purpose of sending and receiving payments or related transactions. The responsibility for this routing function is left to operational entities such as CSMs (Clearing and Settlement Mechanisms, for the payment schemes) or other specialised entities (SPL, SRTP, etc.).

Requirements for the OSM state that data should be machine-readable (i.e., have a structured electronic format) and available as a single full data file including all participants’ data and changes made since the last update or via API calls (restricted to the scheme participants and their technical solution providers), allowing lookup of individual participant data and search values provided in the API request.

For security reasons, it is recommended to authenticate data requestors using client TLS/SSL certificates (PSD2 API certificates are compatible).

If the data is to be made available publicly as a file that can be  downloaded (without need for authentication by the requesting entity), this file has to be signed by the OSM with an electronic signature of at least AdES level (Advanced Electronic Signature). However, it is not required for the OSM to be linked to Certification Authorities (CA) or Qualified Trust Service Providers (QTSP) of the participants for automatic certificate data exchanges.

Data updates can be performed by participants, after authentication, via the GUI or via API calls, and must be fast (i.e. intraday), for instance in case of immediate removal/update of a participant upon request following a certificate revocation or another security issue that could lead to a certificate revocation.

Mandatory data

• Identification and participation data from the EPC Register of Participants
• Legal name
• Address
• Identifier for each scheme
• Participation start date

• Technical and additional data from the participants
• API endpoints (URL)
• API documentation endpoints (URL)
• UID of the certificate(s) and the name of the authority that provided the certificate(s),

• Optional feature(s) supported by the participants
• Contact details to communicate about exceptional intraday update

Optional data

• Commercial/trade name
• Flag indicating the API endpoint type (direct route or proxy)
• Flag indicating the API signature owner (scheme participant or proxy), etc.

Unique identifiers of scheme participants are the “key” values to obtain other information about the scheme participants/proxies (e.g. via API), and for authentication purposes.
TRAVIC-Payment-Client-API can help an OSM or a PSP (ASPSP or asset broker) to connect third-party providers. This API is a stateless Java library enabling a caller to communicate with a financial institution’s payments interface by providing business functions such as querying account information (AIS), balances, transaction data, and submitting payments (PIS) at third-party banks.

 

Author: Zaher Mahfouz

Source: EPC, TRAVIC-Payment-API

¹ Operational Scheme Management

Read more

TARGET2 – The countdown has begun

In October 2022, the ECB announced the postponement of the T2/T2S consolidation by 4 months to 20 March 2023. It did not really come as a surprise to the banks, as it had already become clear in the weeks before that the new platform was not yet capable of what had been imagined. Resentment among the banks grew significantly. This was not only felt in the German market, but also at the European level. It was therefore not surprising that, in addition to Germany, the French national bank, another major player in the processing of TARGET2 payments, had indicated its status as "red" in readiness report query.

The signals from the other European countries were no better. Some central banks reported "green", but this was rather the exception. Since June, it had become apparent in the status reports that a go-live in November was being viewed increasingly critically. The main points of criticism were the test platform, which had been unstable for months, the unmanageable number of errors and defects, and the extremely time-consuming creation of master data in the Common Reference Data Management (CRDM). Particularly the large banks which act as co-managers for their indirect participants had to deal with a considerable amount of work here. The instability of the test platform was no help, and cost unnecessary effort. Another point was the installation of Go-Sign in the technical infrastructure of the banks, which is indispensable for the release procedure and ensures access to the new interfaces of the individual T2 services. This has also led to additional work for banks that had not been foreseen, especially in connection with distributed work environments (which have become more common due to Covid). By the end of 2022, individual banks were still struggling with this and had not been able to install and activate Go-Sign. Many have been able to use the newly found time to finalise these activities.

But what does the postponement mean for the banks and for the ECB? The answer to this is ambiguous. Reactions in the market were mixed. The big financial institutions would have liked the go-live to take place as planned, even considering the likelihood of considerable complications. But they were prepared to put up with that. For other banks, a go-live would have ended in disaster, as it was foreseeable that the necessary activities could not be completed by the time of the go-live. Ultimately, however, concerns about the stability of the Eurosystem were decisive for the postponement. It is hard to imagine what would have happened if, for example, SEPA payments could no longer be processed because banks were unable to provide liquidity in time.

The ECB has been working fast to improve the points criticised by the banks and to eliminate the defects classified as critical with hotfixes. But for the banks, this meant that testing had to continue. Even banks that had already successfully completed the mandatory testing activities could not sit back and wait, but continued testing in their own interest. Unfortunately, it turned out that with the delivery of fixed defects, new errors had crept into the new version.

Nevertheless, it is clear that not all bugs and defects will be fixed by the time of the go-live. Financial institutions must therefore be prepared for the fact that not everything will work smoothly from the start and that workarounds will have to be used. But which bugs have been fixed and which have not? What workaround must be prepared for? This too, at least that is what the banks hope, will be communicated to them in good time by the ECB. Because this has been another point of criticism in recent months: lack of communication and transparency.

The Sword of Damocles hanging over everything was the go/no-go decision that was made on 22/02/23. Even though the signs had turned in the go direction, there was still no certainty that another postponement would not be needed. Since SWIFT had already clearly communicated beforehand that they did not want to postpone their own migration again, the situation would have arisen that SWIFT would have already migrated to ISO 20022 while TARGET2 would still have had to be supplied with MT messages. This mixed operation would have caused major problems for many banks, especially those that forward payments in their function as "intermediaries", as many implementations implicitly relied on a simultaneous conversion, and a separation would only have been possible with renewed effort.

In recent months, SWIFT has been working intensively on the handling of cut-off data, i.e. data truncation. SWIFT has developed corresponding recommendations and rules, but banks could well do without them. A compliance department in a financial institution is likely to break out in a sweat at the idea of truncated or even deleted data in a payment transaction. In times when regulation has increasing influence and impact on banks, this scenario is unthinkable. But unfortunately, the reality is that this is exactly what can happen, especially in the initial phase when all participants have to get used to the new situation.

The bottom line is that the T2/T2S consolidation has turned out to be as complex as was feared from the beginning. The number of banks that have to manage the migration is enormous and the most sensitive area of all, the Eurosystem, is affected. Nevertheless, there is reason to look forward to the changeover date with confidence. The last few months have given banks more faith again, as the measures introduced by the ECB have increased optimism. It is also important to bear in mind that the activities will not be completed with a go-live, but the banks will have to continue them immediately – the next release has already been announced by the Eurosystem for June. So there is no time for banks to take a breather – the pressure remains unchanged and the next issues are already around the corner.

Sabine Aigner
Thomas Ambühler

Read more

Instant payments coming to Switzerland as of 2024

Potius sero quam numquam
The translation of the above quote from Titus Livius, a Roman historian at the time of Emperor Augustus, is: "Better late than never.", which could also be said about the introduction of instant payments (IP) in Switzerland. As of next year, Swiss banks with a transaction volume of more than 500,000 incoming payments per year will be obliged to enable the receipt of instant payments in Swiss francs. From 2026, this regulation of the Swiss National Bank will apply to all participant banks in the national clearing system operated by SIX. What distinguishes the Swiss approach from SEPA instant payments? How could IP in Switzerland become the "new normal" like in the Netherlands? Is a scenario with low penetration like in Germany also likely in Switzerland? How are the Swiss banks currently proceeding? These are the questions that the following blog post will attempt to answer.

What differentiates IP Switzerland from SEPA instant payments?
In short: IP Switzerland is not compatible with SEPA instant payments. IP Switzerland aims to be able to settle payments in Swiss francs among participants in the national SIX clearing system in real time and around the clock for the launch in 2024. In order to not obstruct possible future interoperability in euro for the SEPA area, the majority of the standards and processes of SEPA instant payments were adopted. In contrast to the European model, the obligation to receive payments has existed in Switzerland since the beginning (initially for large and medium-sized banks, then for all banks). Analogous to the institutions in Europe, the technical challenges regarding the high availability of payments systems are also enormous in this country and are associated with large investments in the infrastructure. There is also widespread scepticism by banks as to whether IP will represent a business case for the institutions.

IP Switzerland like IP in the Netherlands or like IP in Germany?
Looking at IP offerings from the customer side, it is striking that there are huge differences in the spread of instant payments in Europe. This is what makes the forecast for the banks in Switzerland so difficult. On the one hand, they want to amortise at least part of the investments in the new infrastructures with a fee on IP payments, and on the other hand, they are aware that this is precisely what will prevent nationwide distribution among customers. Accordingly, new use cases are sought where all parties involved achieve a benefit. One possible approach is new account-to-account payment schemes (A2A payments) in commerce instead of the card schemes (debit and credit) widely used in Switzerland. From a retail perspective, as in the Netherlands, this is a promising option as lower transaction fees are expected. From the banks' point of view, this is a double-edged sword at first glance, as the existing card schemes are currently generating good revenues.

Implementation experiment: realisation in the community
In the context of instant payments in Switzerland, it is worth mentioning the procedure for implementing instant payments within a group of cantonal banks that compete with each other. At the beginning of 2022, the cantonal banks of St. Gallen, Thurgau, Aargau, Baselland, Lucerne and Solothurn formed a community to jointly implement the project. This is against the background that all banks have an almost identical system landscape, which must be adapted to the requirements of IP. Under the "construction management" of PPI Schweiz, in a first step, a conversion system analysis was carried out with the system suppliers involved, including the request of offer outlines. The aim was to achieve volume discounts for the group. Currently, the institutions are also working together for the implementation in order to save resources (their own and those of the suppliers). When it comes to the market offer, each bank is on its own again for the introduction in 2024; however, the development of the technical basis is not a differentiating factor from their point of view. Which is a novelty in the Swiss financial market.

Author: Carsten Miehling

Read more

Mandatory address transformation: getting through the address mess with AI

Anyone who has ever sent a letter abroad knows that address formats can sometimes differ significantly. While in Germany an address usually follows the scheme

Street – House number – Postal code – Place of residence,

in France, the house number is usually placed in front of the street name. Things get really complicated when, for example, instead of a neighbouring country, the letter is sent to Asia, where completely different structures are used. Or take the USA: the United States Postal Service requires more than 200 pages to describe how US addresses may look – which formats and abbreviations are permissible and which are not.

Financial institutions also address countless parties around the world in payment transactions every day. The reason for this is that for payments outside the European Economic Area (EEA), the payer's address must be given and the recipient should also be indicated for smooth processing. This serves to enable the necessary checks, for example with regard to money laundering and fraud prevention.

The enormous diversity of address formats worldwide was not a major factor up until now. Because addresses are specified in an unstructured manner. Within the payment file simple fields in which the address is supplied as free text, the address lines (AdrLine), are available for this purpose. Only the name must be specified separately.

SEPA 2.0 puts an end to this. Because in the future, address data must be delivered in a structured form – for all SEPA payment formats. The changes will come into force gradually as of November 2023. From November 2025 at the latest, address data for SEPA credit transfers may only be delivered in structured form. And the challenges are not purely European: Swift and other market infrastructures have the same deadline. For payments within the EEA, the provision of address data remains voluntary. However, if banks decide to provide it, this must also be done in a structured way.

This means: in future, every component of an address must be included in the designated field. The Payment Markets Practice Group lists a total of 14 characteristics that can be assigned to a postal address.

The example shown in the figure is simple. Because everyone in Germany knows that 9 is the house number and Wiesenweg is the street name. Converting this data into the new format takes only a few seconds – provided that the application has the corresponding option.

But even then, the transformation would be a massive undertaking. Because financial institutions are sitting on millions of address data records that have to be transformed. And such simple addresses are the exception. If one estimates the required activities, a simple calculation quickly yields an effort of up to 250,000 working hours for an average financial institution with 500,000 corporate customers. In addition, there is the expense of training to equip staff with the necessary expert knowledge of the worldwide address formats.

In view of the scope, efficient approaches to solutions are therefore required. Regular expressions are out of the question in this case. As shown above with the example of the USA, the possibilities of address data even within one country are manifold and do not follow a regular structure. In addition, countless test data would be necessary.

Another option is address data services, for example from Google. However, those are not only expensive, but also questionable from a data protection point of view. Moreover, such services are often limited to certain regions or even countries.

An application based on artificial intelligence (AI) can provide a remedy. This allows data to be automatically transferred into the necessary structure. The AI is able to recognise structures on the basis of predefined training data and to transfer these structures to further cases.

We at PPI are happy to help financial institutions prepare and implement the transformation of address data. This includes the selection and adaptation of the appropriate AI application as well as the choice of the necessary training and test data.

In the end, the institutions receive a powerful and reliable solution from which not only they themselves benefit. Because corporate customers will also have to supply address data in a structured form in the future. Financial institutions that take the necessary transformation off companies' hands can gain a tangible competitive advantage.

Author: Eng.D. Thomas Stuht, Product Manager at PPI

Read more

Survival in a time of change

Same same but different – in 2023, the abundance of challenges in payments remains equally enormous. What makes the situation even more difficult, however, is the impression that procrastination effects seem to be spreading on the bank side. Important issues are simply not being addressed. This applies both to the implementation of upcoming mandatory tasks and to the exploitation of business opportunities that arise.

The most underestimated mandatory task for 2023 is the implementation of the inconspicuous EU Directive 2020/284 "as regards introducing certain requirements for payment service providers". The directive on the prevention of fiscal fraud in cross-border e-commerce for goods and services requires payment service providers to report certain payment data. The details are quite complex: an additional, rather intricate reporting system with its own interfaces to the Federal Central Tax Office has to be set up. Data not previously available must be collected and reported: for example, the identifier of the payment recipient's location, such as the IBAN. If available, the address data and tax numbers of the payment recipient must be transmitted. The reporting obligation applies from 1 January 2024. The number of banks that have set up such projects is very limited to date. Considering that financial authorities are not exactly known for their sense of humour, this seems rather bold.

SWIFT requires structured data
Not quite as urgent, but similarly complex, is the SWIFT requirement to process only structured address data of customers in payments from November 2025. The regulation affects banks as well as end customers. It implements requirements of the leading industrialised countries to combat embargo violations, terrorist financing and money laundering. It is recommended to switch to using only the structured data as early as 2023. This will likely affect several million data records in Germany alone which are not available in this form. Banks should therefore already develop communication plans and technical implementation scenarios in the coming year – with AI support where applicable.

It is a sad but industry-accepted truth that 50 per cent of payments operating costs are for regulatory compliance and another 25 per cent for process and technical infrastructure maintenance and adaptations. It is therefore not surprising that financial institutions often lose sight of earnings potential and opportunities.

Request to Pay provides opportunities
For example, an offer that combines the still young standard Request to Pay with concrete use cases such as electronic invoices has enormous potential for banks. If banks were to offer their corporate customers the processing and handling of electronic invoices and the corresponding payment requests, they could reduce their costs – including the reconciliation of incoming payments – by around ten euros per invoice. In this context, banks could generate lucrative transaction fees, while at the same time further strengthening the business account as core of the customer relationship and, on top of that, make a significant contribution to sustainability.

The decisive success factor for corresponding services is cross-bank accessibility. It is therefore all the more gratifying that such infrastructures are already emerging in the market. It is expected that from 2026 onwards, only electronic invoices will be permitted throughout Europe anyway.

TARGET2 consolidation: "all hands on deck"
So much for the underestimated topics. Not underestimated are the preparations for the TARGET2 consolidation, which has been postponed to 20 March 2023, and the start of the SWIFT migration to the ISO 20022 format. This date should remain fixed, because another postponement of the TARGET2 consolidation would probably have the nasty consequence that TARGET2 and the SWIFT migration would diverge.

Mass payments will also be characterised by the implementation of new regulations in 2023, such as the EU regulation on the mandatory introduction of SEPA instant payments and the introduction of the latest ISO standard for all SEPA payment schemes. The latter will not only have an impact on the payment file and payments systems themselves, but will also affect peripheral systems like, for example, master data systems.

Fraud prevention for real-time credit transfers
The EU Commission's proposal for the mandatory introduction of SEPA real-time credit transfers presented at the end of October 2022 is currently the subject of in-depth discussions and lobbying. Among other things, there is intensive discussion on whether payment service providers must offer their customers a matching of account number and name. The background to the proposal is the finality of SEPA real-time credit transfers in seconds. This makes them vulnerable to fraud and is to be counteracted by the possibility of checking whether the IBAN in question really belongs to the payment recipient before the payment is sent out. Successfully combating fraud attempts is becoming a key factor in the success of instant payments.

The widespread establishment of real-time credit transfers does not only affect payment service providers who have not yet offered the instrument, but also the active players. The reason: since real-time credit transfers must not be more expensive than conventional transactions in the future, market participants expect their share of all transfers to rise from 10 to at least 30 to 40 per cent. This trend is promoted by the rising interest rate level, which rewards the holding of credit balances again. But if the number of transactions grows by at least a factor of three, all the payment service providers whose real-time infrastructure has so far been based on makeshift solutions will run into difficulties. A corresponding check is therefore urgently required.

In retail payments, the pan-European initiative EPI – with a meanwhile limited scope of services as an account-based P2P and e-commerce procedure – faces important fundamental decisions at the turn of the year 2022/23. This concerns, for example, the questions of whether the cooperative finance group will rejoin the EPI and whether and how the initiative as a whole will move forward.

New use cases for retail payments
The key service providers in the retail payments sector will continue to work on improving their capabilities in 2023. The issuers will, for example, further develop the girocard for e-commerce. Many payment service providers are working on supporting various omnichannel concepts, not least as a result of the Corona pandemic. The focus here is not only on the now generally known use cases such as click & collect, but also on

• The use of online payment methods at the point of sale, such as buy now, pay later,
• The support of franchising and cooperation models, for example cross-channel and cross-company returns, and
• The evaluation of customer behaviour across the various touchpoints.

In October 2023, the ECB's analysis phase on the digital euro will end and the Governing Council will likely decide to start the realisation phase. Since the digital euro is currently being designed as a retail euro, various banks in Europe are already working in parallel on the introduction of so-called tokenised commercial bank money in 2023.

How can the financial institutions – in view of the shortage of skilled workers as well – cope with the enormous number of tasks? It will only work if the willingness to cooperate across banks increases, standard solutions become more widespread and outsourcing is also considered. There should also be a growing willingness to renew the foundations, if necessary, instead of continuing to build on existing legacy systems while ignoring the "technical debt".

Those are a lot of projects to cover already – and we have not even talked about the impact of the coming DORA regulation, accessibility regulations and the PSD3 looming on the horizon.

Author: Hubertus von Poser, Head of Consulting Payments, PPI AG

Read more

Stablecoins blog post series – part 1: background

If you deal with the subject of cryptocurrencies, you will inevitably stumble across the topic of stablecoins, and the question of what exactly stablecoins are quickly arises. In this series of blog posts, we want to take you on a brief, condensed journey through this topic.

A stablecoin is a cryptocurrency that is stable to a certain base currency. The most common use case is in the area of crypto trading because the (cross-border) clearing between crypto exchanges can be processed faster with stablecoins than via the classic payment channels. In addition, they are becoming increasingly popular in emerging and developing countries due to their stability of value compared to local currencies.

In short, the benefits of a stablecoin can be summed up in four main points:

• Value reference and medium of exchange for trade
• Protection against exchange rate fluctuations
• Generating interest income in the area of decentralised finance
• Fast and limitless payments

Algorithmic vs. collateralised stablecoins
There are two different types of stablecoins: collateralised stablecoins and algorithmic stablecoins:

In the case of collateralised stablecoins backed by USD, the company behind the stablecoin deposits USD in a bank and issues its stablecoin. The aim is to achieve 1:1 cover. In the case of algorithmic stablecoins, only an algorithm tries to keep the exchange rate between the stablecoin and the underlying asset (e.g. USD) constant.

After the collapse of the algorithmic stablecoin "TerraUSD" in May 2022, there is only one really significant algorithmic stablecoin left: MakerDao's "DAI".

Collateralised stablecoins are usually issued by crypto exchanges. The biggest stablecoins sorted by market capitalisation are Tether, USD Coin and Binance USD. Together, they reach a total market capitalisation of around USD 130 billion (as of Nov. 2022).

Stablecoins digitally represent the value of an underlying asset on a 1:1 basis and are considered digital money. They are often covered by USD bank deposits, US government bonds or other securities. If one remembers the so-called gold standard, it is easy to recognises quite intentional parallels here.

Advantages compared to classic payments
The advantages over classic payment systems are that stablecoins are accessible to everyone worldwide and around the clock. The transaction fees are low, and cross-border payments can be made quickly and easily. A credit transfer is also possible without KYC and without the involvement of a bank. All that is needed is a smartphone with an Internet connection and a digital wallet of the currency.

As mentioned at the beginning of our article, in addition to crypto exchange traders, more and more people from emerging and developing countries have a particular interest in stablecoins.

Many emerging and developing countries are struggling with high double-digit inflation rates. The own national currencies continue to lose value against the US dollar. This also affects the trust of the citizens in the respective countries. In the recent past, many of these countries experienced a so-called "bank run".

A bank run or banking storm occurs when investors want to withdraw their deposits from their banks as soon as possible. If several or all banks within a market economy are affected, this is referred to as a banking storm or banking panic.

Governments were therefore forced to close local banks. For local citizens in such a situation, stablecoins can become an attractive alternative to their domestic currency to protect themselves from financial impasses.

In various situations, stablecoins can therefore be a practical solution to problems that cannot be solved or can only be solved poorly in the FIAT system, or may even be a way out for citizens in times of economic difficulties. However, where there is light, there is also shadow. And we want to look at that with you in part 2 of our series.

Authors: Philipp Uhinck, Benjamin Schreck

Read more