StakeholderPriorities/PSPOutreach

If there were a standard way to communicate payment information between web applications and browsers, what opportunities would this create for your business?

Response A

Overall, it would be positive due to ease of deployment for all parties including web developers, merchants, PSPs and processors. For the consumer, standards would stabilize the workflow for the consumer making it easier to understand what is happening at various stages of the purchase process and hopefully provide additional safeguards for data protection as well as fraud prevention. Security standards are required to be followed in the coding process under the PCI SSC for applications called PA DSS, Payment Application Data Security Standards, and the deployment of applications and hardware under PCI DSS, Payment Card Industry Data Security Standard defined to protect the data processed by all parties in the payment channel introducing stringent standards of the deployment of hardware and software in a certified environment and the ongoing monitoring of that environment. Secure standards that can be audited in a PCI audit would significantly improve the overall reliability of web based payments.

• For the ordinary Internet shop via the typical psp where a merchant e-shop redirects payments to a trusted psp or processor?
  • NOTE: This is the recommended method by most security experts today to avoid the risk of merchants being exposed to payment data and thus the risk of breach.
  • A standard in this space should ease the installation and maintenance process for the web developers at both the merchant and the PSP/Processor/Acquirer allowing merchants to choose a standards based tool matching with the that of the service provider. Speed to market, ease of switching, opening web based payments to a greater audience due to ease of integration, etc. are all positives saving the ease of changing vendors.
• For mobile, as you might imagine, the business is being defined by a few hardware/software vendors and card accepting networks that through what were good intentions are creating an environment defined in a way that blocks other market players. Thus, standards would level the playing field. Moreover, there remains significant risk that data collected at the browser level for future use is being stored using methods that may or may not be suitable. Strong encryption that never exposes cards in processing is fundamental. Defining accepted methods for card data handling, encryption and storage is essential to secure web based payments.
• For in-app purchases, the above competitive concerns apply in those captive environments while the data security risks are likely greater at the handset level if data is stored there and even more worrying is the case where the card data is stored in central or cloud based servers under inferior security protocols.

A key opportunity would be to standardize across the various hardware devices (PC, tablet, mobile) and the various payment methods (cards, direct drafts, wires, etc.). This would bring direct payments into the mainstream.

What concerns might you have?

Response A

• Disintermediation due to ease of changing acquiring service providers.
• Market manipulation by browser providers to dis-intermediate other players…..much the same way it is described in 2 above yet an opposite result.

What is the most important service you would like to provide your retail customers but cannot yet do so because of a technology obstacle? What are the reasons (e.g., lack of interoperability, cost of deployment to multiple devices, lack of standards,lack of adequate security, etc.)?

Response A

• Direct payment, account to account (this also requires payment network standards for clearing and repudiation).
• Acceptance across various markets in Europe and the world due to varying standards by market or processor in each country or region on a global basis.

What are the most important value added services (e.g., loyalty) that you would like to build on top of future payment systems?

Response A

• Security with user authentication.

What other mobile payments use cases are you working on and when do you plan to deploy solutions?

Response A

• Tokenization.
• Direct payments

What non-mobile Web payments use cases are you working on and when do you plan to deploy solutions?

Response A

• Credit transfers

What Web technologies do you support in your payment applications? (e.g., OAUTH2).

What are the primary obstacles today that prevent you from deploying “credit transfer” (push) payment schemes?

What are the primary obstacles today that prevent you from deploying “credit transfer” (push) payment schemes?

Response A

• Lack of standards.
  • Europe has defined standards under SEPA and the PSD. It will happen in Europe.
  • US is approaching the issue from a market driven solution perspective. Banks are not motivate to turn loose of this revenue stream. Explains all the disintermediation attempts by PE and VC funds supporting new payment apps.

If you are involved in faster payment initiatives, are there new Web technologies that you believe are important to success?

Response A

• Security
• Implementation/interface standards.

In your region, if there are open API regulatory requirements, are there new Web technologies that you believe are important to success?

Response A

• Europe has open requirements for web payments. It strongly supports and encourages account to account transfers as opposed to cards. New security standards for EU service providers are underdevelopment.

What issues (technical, legal, developer, etc.) lead you to choose native mobile platforms over Web applications? Are there specific Web capabilities whose absence is limiting delivery of services?