Steve Percy
President, Diolkos Commerce Solutions
Jan 2022
Current payment products are excellent. There has been a lot of innovation applied to payment solutions to meet specific commercial needs. Ease of payment and collection improves cash liquidity and adds stability to the system, and successful businesses keep their eye on this ball. But not all of the best services are cost effective for all. And there are issues, some of which are problematic.
But don’t worry, they say. Real-Time and Crypto will fix, improve, speed, reduce, protect, rid, move us forward, … and the world will be a better place. The ballad will continue.
Studies and articles on the Pros and Cons, Benefits and Challenges, … review the state of the union in payments as they exist from the perspective of either the Small Business, the Corporation, or the Customer, Payees (Collectors) or Payors (Consumers). They look at the products from the same viewpoint and the same issues that have existed for the last 20 years. Friction, timelines, costs, what is the best option for the payment scenario you need today?
So… what is “really” wrong with these longstanding and successful payment products? Product Management people know. The knowledgeable customers know. They consistently raise the issues and we share and explain the challenges of why improvements are delayed.
We can only do so much. Product people have many resource constraints that limit their ability to improve their lot. Legacy services have momentum. The EXCO 101 rule is: don’t mess with the cash cow. And customers, payment users, are just as guilty in resisting change. Changes to their systems and staff processes are just as challenging. They are running smoothly, thank you very much.
Well, the Product Management and Customer Support people will enjoy the lists below. They know. They would love to see these product improvements. And of course, the Diolkos Transport Network will deliver each and every item below.
Enjoy.
Note: How do you begin to bank the unbanked without the need for branch services?
Product Improvements - Retail Payments
POS Payments
• Mobile Delivery (Cardless)
• Deposit or Credit Account payment
• Immediate Value into account (No POS Terminal Settlements at EOD to FI or Credit Card organization)
• No multi-bank connectivity required, just the Vendor’s and Purchaser’s own banks
• Payment Limit option to force Approver engagement
• FX through participants’ own FI
• Pre-Authorization of funds (Have you seen how this works today?)
• Partial & Multi-Payor capabilities
Cheque Payments (Check) and Person-to-Person
• No paper or image exchanged
• No paper or image storage
• No exchange of PII
• No need for a Challenge Question
• No Deposit Process required
• No NSF, No Holds, No Fraud
• No overpayment (payment limit and 3rd Party Approval)
• Multi-Currency - FX through either participant’s own FI
• Future dating integrated into the system
• Pre-Authorization of funds
• Partial & Multi-Payor capabilities
e-Commerce Payments
• Multi-Channel (Cardless)
• Deposit or Credit Account payment
• Value directly into vendor’s account (no settlement to Credit Card organization)
• Good funds only - ship upon payment confirmation
• No multi-bank e-comm connectivity required, just the vendor’s and purchaser’s own banks
• Payment Limit option to force Approver engagement
• Multi-Currency - FX through either participant’s own FI
• Partial & Multi-Payor capabilities
Prepaid Program (Gift Certificate) Payments
• 2 Types: Limited Use and Widespread Use – low cost and available to all business sizes
• Executes through single infrastructure for all 3 participating parties (hence KYC now applicable to Payee, Payor/Sponsor, and Benefactor)
• No Infrastructure – no external 3rd-party cards, devices or equipment. Available to anyone, even individuals (ex. parents) through their own FI
• Cross-border partnership support (Multi-Currency FX)
• Not just a POS offering, it is available to all payment types and businesses and Governments.
• Excellent to pre-fund medical treatment or food purchases by government insurance programs.
• “No cost” implementation
• Option for Sponsor to Cancel and request a refund of the remaining amount.
• Unused amounts can be refunded to Payor/Sponsor (reduced escheatment)
• Static and Dynamic Branding capabilities
• Bankruptcy protection can be offered with balances frozen and returned to Payor/Sponsor upon notice of Bankruptcy to the FI supporting the program.
GIG Payments
There is no "bank provided solution" available today.
These capabilities are independently offered by GIG businesses through their own systems that are typically using Credit Card payment rails (revenue collections) and the EFT/AFT capabilities (disbursement deposits) supplied by their banking relationships.
• No standard product definition as yet
• Requires 3rd Party collection, retention and maintenance of sensitive PII information
• All parties exposed to all current avenues of fraud and theft associated with hacking of card and account information
• Card not Present fraud issues as well as new avenues such as Vomit Fraud (ex. rideshare Uber), Loyalty Point theft
Product Improvements - Business and Government Payments
Recurring Collections - Pre-Authorized Direct Debit (PADD)
• Significant regulatory oversight improvements
• Initiated by Payee but entire series of payments is fully reviewed and “Authorized” by Payor
• Payor knows the exact payment date on each payment
• Has a Termination Date option (hence can be renegotiated)
• Payor can Cancel themselves through their own FI (No Payee involvement)
• No special PADD Agreement. Full control now given to Payor and can be included in the standard banking agreement
• No file maintenance or weekly/bi-weekly file submission
• Cross-border supported (Multi-Currency FX)
• Full Reporting on Accounts Receivable including future-dated items
• Historical reporting for Consumer
Recurring Collections - Bill Payments (CCIN)
• No Vendor Registration
• No Vendor List Updates
• No Subscriber Registration
• No Special Clearing Infrastructure
• Payable through all channels supported by the Payor’s FI, without the need for special (CCIN) infrastructure
• Future dating allowed but funds are always good (no NSF)
• Cross-border supported (Multi-Currency FX)
• Full Reporting on Accounts Receivable including future-dated items
• Historical reporting for Consumer
Employer Payments – Payroll and One-time
• “Guaranteed” to arrive in target’s account (Secure: Dual security key transaction)
• Only Open and Valid target accounts require funding (pre-tested for every payment processed)
• Pre-funded and Future Dated payments can optionally receive interest
• Future Dating is allowed
• Cross-border supported (Multi-Currency FX)
• Automated Reconciliation Report
• Deposit Confirmation available for all transactions
• Detailed Remittance (incl. Bonus and Deduction data) shipped with each payment
Government Payments (Mass and One-Time)
• Support Payments, Reimbursement, Pension, Tax Refunds, etc.
• “Guaranteed” to arrive in target’s account (Secure: Dual security key transaction)
• Only Open and Valid target accounts require pre-funding (pre-tested for every payment processed)
• Future Dating is allowed
• Pre-funded and Future Dated payments can optionally receive interest
• Cross-border supported (Multi-Currency FX)
• Automated Reconciliation
• Deposit Confirmation available for all payments
Product Improvements - Non-Currency Payments
Loyalty programs and specialty token programs are a critical competitive factor in client acquisition and retention. These programs operate on separate 3rd party platforms that are exposed to all types of challenges in day-to-day operation as well as fraud and theft.
And they do not integrate well into the front-end at the time of payment execution. These solutions have many challenges, including new accounting rules to manage balance sheet liability that need correction.
Ultimately, shouldn’t these solutions be improved and be tightly tied into the fiat currency payment execution process and be available to all sizes of businesses, not just those with deep pockets?
Here are lists of “what we need…” to move to the next century in payment capabilities.
Loyalty Point Award and Redemption Payments (incl. Coupons)
• Same infrastructure as Fiat Currency payments and applying both Sanctions Screening and AML/ATF to purchases and redemptions?
• All Rewards transactions are processed through the Payee and Payor’s own FI (no fraudulent access)
• All awards and redemptions are integrated into and executed with the source fiat currency payment (mixed payments available)
• All transactions are authenticated at the time of execution for both the Program Owners (Payee) and the Program Participants (Payor)
• No 3rd Party Infrastructure is required by the Vendor/Retailer and hence removing all associated security hacking risks and PII exposure
• Universality - Payor Access to multiple Rewards programs through any of their FIs, globally
• Multi-Party Partner Programs Supported. Multiple Redemption/Award Partners can be enabled to a program (ex. Air Miles, Avion, Scene, …) and no infrastructure investment required
• Available to all payment types (POS, e-Comm, Prepaid, Cheque Replacement, and GIG)
• Proportional award to partial payment participants (automated)
• Reversal of Awards on any and all Refunds (including split payments and partials)
• Cash redemptions (point buy-back) and Reward Purchases (point top ups) - Campaign or Always Available (with applicable Sanction Screening and AML)
• Integrated execution of Liability accounting entries (IFRS 15), including cash transfer payments to/from Redemption/Award Partners
• Point Expiry mechanisms and options
• Easy Program transfer from existing (old) platform to this invention
• Simple Merger of Programs (ex. One retailer acquires another, both with programs)
Multi-Vendor Token Payments
• Security: Processing of Token transactions through all participants’ (Payee and Payor) own FI (no fraudulent access) and now applying Sanctions Screening and AML/ATF
• All Token Payments are pre-authorized by the Beneficiary to guarantee that there are sufficient to close the payment
• All transactions and participants are authenticated at the time of execution including Redemption Partners (Payees) and the Sponsor/Beneficiary (Payor)
• No 3rd Party Infrastructure is required by the Vendor/Retailer and hence removing all associated security hacking risks and PII exposure
• Token Programs are Reloadable
• Tokens can be purchased by Sponsors (Like a gift card)
• Tokens can be transferred between Beneficiaries (ex. Compensation for completing a survey, etc)
• Universality - Payor Access to multiple Token programs through any of their FIs, globally
• Multiple Redemption Partners can be enabled to a program (by the Program Owner)
• Integrated execution of cash transfer compensation payments to/from both the Owner and their Redemption Partners
• Program Mergers (due to acquisition, etc.)
• Government Programs ex. Food Stamps
• Bankruptcy protection can be offered with balances frozen and returned upon notice to supporting FI
Product Improvements - Fraud Elimination
What payment product issues exist today that have long needed permanent repair?
1. Multiple system login credentials – These create user friction challenges and as a result of human nature, the level of security deteriorates over time. To eliminate this, the best option is to force individuals to communicate to their FIs only through a single secure channel for all payment types (hence no credentials and PII are required on any other 3rd party system or device).
2. Identity Theft – Make all payments publicly anonymous and retain PII at Financial Institutions only - No PII Data should be exchanged between the Payor and Payee hence no PII is exchanged over open electronic channels to be captured by interlopers.
3. Deposit Account Alterations - The Deposit Account is set by the FI so there are no alterations allowed hence no redirection of payment funds. No PII data can be entered by Payee or Payor to redirect a payment.
4. All payments of all types are directly authorized by the Payor and Payee - No unknown debits or credits to accounts that are possible with PADD or other EFT/ACH transactions.
5. Man-in-the-middle (MITM) attacks - Open channel e-mail communication of payment details that include account information and other PII is problematic. Fraudsters are intercepting individual payments and redirecting to a fraudulent deposit account. Shared Secrets require effort. They are not frictionless so they evolve over time in the direction of insecure. In many ways, annual volume statistics demonstrate that consumers are aware and this issue is limiting the use of this payment method, no matter how efficient and effective it is in moving funds account-to-account, bank-to-bank.
6. Mobile Profiling – As there is no exchange of PII data between the Merchant (Payee) and the Consumer (Payor) the Merchant cannot acquire or sell their customers’ data for marketing purposes. In the Diolkos Transport Network, all transactions related to an individual are held by their FI only so any use of this data would be protected by a single agreement between the account holder and their FI.
7. Pre-authorized transactions – While not a fraud opportunity in itself, this capability is important to assure sellers that the buyer has the funds prior to completing a service that is irreversible. Predominantly visible today in automobile gasoline purchases, it is a capability that is difficult for most businesses to implement. It would be more ideal if it were made available to all transaction types and user groups. This would provide fraudulent representation and theft protection to vendors from nefarious Payors prior to delivery of services.
8. NPO Accounts – Non-Profit Organizations – Who is controlling the payments and for whom? Are individuals using these accounts for payments that are nefarious or even theft? Payment oversight, including one or more third parties, is a level of protection against these activities.
9. Charity Collections Fraud - Same potential issues as NPO Accounts but in some cases these are used by fraudsters for collection of non-legitimate funds. For tax recognition and advertisement legitimacy, these accounts typically require “Charity Registration” with some level of government. Registration is to be fully disclosed to Donors/Payors and it would be preferable to have the payment type designated specifically within the payment solution and in turn data presented during the payment authorization. That way funds would be easily recognized and reported.
10. Cramming (Invoice payment layering): Who is being paid? The fraudulent practice of adding unauthorized charges to a customer's phone bill, or other service invoice to sneak charges past a customer. Example: In Canada, Crave can be paid through Apple which in turn is paid through Visa, which itself is finally paid and settled through bank payment by physical cheque or other corporate electronic payment means. The original purpose of the charges is layers deep hence payment reconciliation of original charges is difficult. Invoice payment layering is less likely as volumes move to the services offered by this invention as all payments are possible directly from a single bank account, including purchases from a credit account or the credit side of an operating account. The type of payment through NAICS Code or other can be included such that payments can be grouped for review by the FI.
11. False PADD remittances – Fraudulent (and typo error prone) Direct Debit submissions from vendors are concerning to account holders. They are great collections tools for companies as well as Payroll processing facilities. Authorization is an issue and will remain an issue. Payment Systems manage “Rules” to protect the participants and provide oversight. Payment execution is only a portion of the service. Setup and removal of services is an administrative burden for all parties. Payments Canada is polling the community now on changes to PADD Rules that include adjustments to onboarding (manual and electronic) so this issue will continue until a better solution is in place. By design, any payment or deposit to an account should be authorized with absolute control by the owner of the account.
12. Contactless Card Fraud (NFC Issues in relation to fraud) – Portable Near-field Readers of NFC cards provide opportunities for fraudsters to pull payment from a card/account. Using a secure system generated QR Code “screen presentation with camera reader” with independent FI lookup/confirmation eliminates the need for cards and NFC technology.
13. Professional fraudsters are world leaders at hiding activity and funds movement between accounts at multiple banks through multiple payment systems. Today’s solutions will remain vulnerable due to their operational designs. If one core platform solution is possible then all payments of all types from all Users are easily traceable from account-to-account, bank-to-bank and reporting through system administration facilities for all payment and user types will be consistent and significantly more effective for all interested parties.
14. Malware – Risk of identity theft and fraud through installed malware increases substantially as the number of commercial portals/payment apps increases with every commercial relationship. If all payments are executed through bank provided Mobile Apps and Interfaces only (no 3rd party tools or access points) then the opportunities for Malware to impact your payments are drastically reduced if not eliminated. Bank provided apps and gateways are fully tested, configured and controlled on an ongoing audited basis with second-by-second monitoring for nefarious attempts to breach. No other industry works as hard to secure their direct-to-client online services as banks.
15. 3rd Party Payment Approvals – 3rd parties that can independently review and release payments that they support from their own FI would be tremendously beneficial. Hence there is no need for FIs to onboard Approvers (KYC and ongoing authentication credential support) as they are non-account holding payment participants. Ease of use of this capability will in turn expand the usage of approvals on payments reducing fraud in both Businesses and Personal account scenarios (ex. oversight of the elderly or teenagers). BEC – Business E-Mail Schemes will be thwarted as the addition of maximum payment limits on accounts will prevent transfers larger than normal out of accounts and will never proceed without more than one set of eyes on the transaction.
16. Prepaid – Once purchased, the Beneficiary is in the wind. Ownership KYC also disappears opening the door to several fraud and theft opportunities. The costs to investigate and manage these events can be impactful. Prepaid Services should be built on and integrated into the same payment infrastructure with full access through each participant’s own FI (no cards to lose or have stolen, or copied by fraudsters). Hence all transactions are securely tied to a single person and/or business. This is much more secure and consistent. And what about unused balances (escheatment) when Owners and Beneficiaries are unknown? And what about business bankruptcy? Whose funds are on deposit or are they pre-purchases without an order? Program participants should be able to recover their unused balances at this time or any time for that matter if they cannot or do not wish to use the funds. Their individual program residual balances should be immediately frozen and kept safe from creditor claims.
17. Loyalty Point Programs – Stolen cards and Membership IDs from databases create redemption thefts that occur daily. Membership Profile hacking stories are reported in the news monthly. Cardless and Membership IDs with 3rd party systems open the door to lower levels of security. Market leading KYC, system security, and Authentication point to solutions that capitalize on what FIs can bring to the table. Consumers and businesses should leverage their own FI for these non-currency payments services. If FIs can integrate these services into their payment execution front-end then consistency in all supporting payment services can be applied. And the option to combine payment methods to the same payment will open doors to better commerce and reduce balance sheet liability risk for businesses (IFRS-15).
18. VAT Tax Fraud – Governments are fighting fraudulent ITC remittances on a continuous basis so automation to tie credits to actual purchases will greatly assist in reducing/eliminating false claims as well as improve tax revenues in this area. At present, ITCs are self-remitted in a completely independent and isolated manner in relation to their associated purchases/payments and tracing and validation is extremely costly. The ability to produce and submit auditable reports from businesses tying payments/purchases to ITC remittance claims will not only eliminate fraud but will also improve accounting effectiveness for all businesses.
19. Escrow Payments – Fraudulent representation of either party to delivery of services or payment commitments on same is why escrow services exist. However, Escrow Payments are not a mainstream payment service offered by banks today because the execution through today’s systems is considerably challenging. Escrow provides both parties with full transparency and increased trust that work completion and quality plus the funds to pay are secured. And it would also require self-management/ease-of-use such that both self and 3rd party release of payment funds is completed from any 3rd-Party Approver’s own FI. There should be no need for FIs to onboard any 3rd Party non-account holding payment participants to deliver a solution such as this.
20. And others…