EC Green Paper - IPSO Response · IPSO Response to the European Commission Green ... IPSO Card...

IPSO Response to the European Commission Green Paper ‘Towards an integrated European market for card, internet and mobile payments’

Author: Úna Dillon, Head of Card Services and Communications

Irish Payment Services Organisation Ltd. (IPSO)

About IPSO

The Irish Payment Services Organisation (IPSO) is the representative industry body, the

voice and guardian of the payments industry and the strategic interface with all payments

stakeholders within the Republic of Ireland. Its fundamental principles are to preserve the

integrity and security of the Irish payments systems and to promote and oversee the

strategic development of such systems in the interest of the industry and the general public.

This document was prepared in conjunction with the card issuers and acquirers operating

within the Republic of Ireland, which are members of IPSO Card Services.

IPSO Card Services is responsible for examining security and fraud related issues affecting

the card payments industry as well as monitoring legal and regulatory changes both at a

domestic and European level. In addition, Card Services’ General Manager represents the

Irish retail banks on the European Payments Council (EPC) Cards Working Group and the

banking sector on the EPC Card Stakeholder’s Group.

Irish Payments Landscape

The payments industry within Ireland is very diverse, offering numerous payment and

related products, including:

• Single high-value automated credits

• Files of low-value automated credits and debits

• Cheque payments and paper credit transfers

• Debit card payments

• Credit card payments

• Payment messages via the SWIFT Network, and

• Cross-border payments

IPSO is working closely with its member banks, the Government and other stakeholders to

ensure the strategic development of Ireland’s payments systems. It has been widely

acknowledged that the efficiency of Ireland’s payment systems’ infrastructure could be

improved by making more use of secure and efficient electronic payment methods leading

to a reduction in cash and paper payment transactions.

Irish Payments Summary (2010)

| Payment Method | Number of Transactions (millions) | Value of transactions (€billions) |
|---|---|---|
| Electronic Credits | 138.5 | 178.2 |
| Electronic Debits | 108 | 93.6 |
| Credit Card Payments | 108 | 11.3 |
| Debit Card Payments | 208 | 11.5 |
| ATM Withdrawals | 178.1 | 22.3 |
| Lodgements – giro and other paper | 42.1 | 460 |
| Cheques and other paper | 90.9 | 457 |

Irish Card Payments Landscape

The use of payment cards (i.e. credit and debit cards) in Ireland has grown considerably in

recent years as they are increasingly recognised as a cost efficient and convenient

alternative payment method to cash and cheques. The use of payment cards is dependent

on consumer confidence in such cards and in particular, in the security measures

surrounding their use.

In order to facilitate this continued expansion in the use of payment cards and to further

improve security measures in connection with their use for the benefit of consumers, card

issuers and acquirers, IPSO Card Services explores how security issues such as payment card

fraud can best be addressed within the card payments industry for the benefit of all

stakeholders. It also examines the impact on the card payments industry of legal and

regulatory changes and looks at opportunities for the development of card payments in

Ireland.

[Chart: Trends in Number of Payment Cards in the Irish market 2003 – 2010 (millions)]

[Chart: Trends in Volume of Irish Card Payments 2003 – 2010]

[Chart: Trends in Value of Irish Card Payment 2003 – 2010]

IPSO general comments on the EC Green Paper

IPSO welcomes the opportunity to provide comments on the European Commission’s Green

Paper “Towards an integrated European market for card, internet and mobile payments”.

We fully support the goals of the paper including in particular:

- The necessity for consumer choice

- The need for innovation in payments

- The need for customer safety and security, and

- The need for competition in the market

Consumer Choice

While banks and payment providers have a future view of payments and payment types,

none of us can predict what consumers will want to use, nor can we force consumers to use

one payment method or tool over another.

We believe that there should be better communication between payment providers,

regulators and consumers, with a relevant portal for that communication. All market players

should have a relevant channel to help them to understand the needs of consumers better

and to meet those needs, through providing better choices while ensuring security and

safety of the consumer.

Innovation

The speed to market of innovation has increased dramatically in the past ten years,

especially in the area of internet, mobile and contactless card payments. We believe that

the industry should promote the benefits of innovation in payments to both consumers and

retailers.

Regulation and standards should neither impede innovation nor prevent the market from

investing in new payment methods and tools. The market should be encouraged by

regulators to increase acceptance of new payment tools while considering consumers’

needs, through communication with consumers.

IPSO believes that consumers should be encouraged by the payments industry to use the

new technologies available to them while ensuring their trust in the systems and new

payment tools.

We believe that the costs for using current and future payment tools should be transparent

to both retailers and consumers and that they should have the choice to adopt new

technologies.

Customer Safety & Security

IPSO believes that the industry needs to provide choice for our customers while ensuring

security of the products and avoiding customer confusion. We believe that certain areas of

security and fraud prevention should be reviewed on a regular basis by the industry, to keep

up with the fast changing fraud trends in the payments market. Future threats should be

considered in more detail by the regulator – on an on-going basis.

Security is key to consumer trust and the industry needs to ensure that customer trust is

upheld today and in the future, as the payments market changes and new methods of

payments become available to our customers.

The industry should encourage not only the secure use of the payment tools they provide,

but the additional tools used by consumers such as PCs, smart phones, etc. There is an onus

on the industry to fully inform consumers on the risks and dangers of payment fraud and

more importantly on the solutions and preventative methods available to them, both

through the payments industry as well as through use of technology such as anti-virus and

anti-malware software, etc.

We believe that this is an area that needs constant review, ensuring the on-going integrity

of the payments market. There are many moving parts within the payments industry and

the provider of each part needs to ensure that their area is secure.

IPSO believes that the industry security standards need to be sufficient, to avoid any

reputational risks.

Competition

IPSO believes that a level playing field is needed for the payments market. While national

competition authorities regulate the payments industry, such regulation should be

consistent across the board such that all stakeholders can operate in a fair and competitive

market.

The EPC SEPA Cards Framework is important for the future of card payments and should be

adhered to by all banks involved in card payments. Adherence should lead to greater

competition (having a set of standards in place means that new entrants to the market can

slot in easily to any part of the card payments chain).

SPECIFIC RESPONSES TO THE COMMISSION’S QUESTIONS

4.1.1. Multilateral Inter-change Fees (MIFs)

Questions

(1) Under the same card scheme, MIFs can differ from one country to another, and for

cross-border payments. Can this create problems in an integrated market? Do you think that

differing terms and conditions in the card markets in different Member States reflect

objective structural differences in these markets? Do you think that the application of

different fees for domestic and cross-border payments could be based on objective

reasons?

(2) Is there a need to increase legal clarity on interchange fees? If so, how and through

which instrument do you think this could be achieved?

(3) If you think that action on interchange fees is necessary, which issues should be covered

and in which form? For example, lowering MIF levels, providing fee transparency and

facilitating market access? Should three-party schemes be covered? Should a distinction be

drawn between consumer and commercial cards?

Responses

The industry must support competition.

The MIF will differ from country to country because the markets vary; the cost of processing

all types of payments, of running a business, of selling will be different in each country.

While a SEPA-market may integrate from a clearing, settlement and processing perspective

it is important to allow for competition within that market. Interchange itself is sometimes

confused with the Merchant Service Charge (MSC) or Scheme Transaction Fee (STF).

Interchange rates are set based on the costs incurred to both issuers and acquirers, paid by

the acquirers to the Issuers on a per transaction basis and covering such costs as:

• The guarantee of payment from the card issuer, given that the retailer is paid by the

acquirer in advance of the cardholder being debited;

• Payment to cover the interest free period, i.e. the time between a cardholder

shopping on their card and them paying their credit card bill;

• Processing of security and fraud prevention measures such as authorisations,

managing hot card files, etc.;

• Projects such as contactless card payments, etc.

• General processing costs, including the issuance of plastic cards.

The Card Schemes manage the interchange fees, while they have no remit over the set-up of

MSC fees. These are set by the acquirers and may or may not reflect the interchange value /

level for certain payment products; depending on the acquirer.

IPSO believes that to support the growth and promotion of card payments in the future, the

acquirers should provide transparency on their costs to retailers for processing payments,

for the various product types, e.g. credit, debit, prepaid, etc. where possible. There is a

regulatory requirement that all relevant Card Schemes publicise their interchange fees and

this is done; however, there is currently no onus on acquirers to justify their MSCs to

retailers.

For example, in Ireland, members of the local debit card scheme Laser Card have withdrawn

from the Scheme in favour of issuing Visa Debit to their cardholders instead, for the most

part. Visa has reduced the interchange fees for the debit card product to more or less meet

those set by the Laser Scheme. For both Schemes the interchange is a low value flat fee;

however, there is at least one Acquiring processor which is charging its customers (the

retailers) an ad valorem charge per transaction for the new debit card sales. This is not

helpful for the market, while IPSO and the Central Bank aim to encourage greater use of

more efficient payment methods such as payment cards.

While MSCs are a commercial matter for acquirers, IPSO believes that the fees charged to

retailers for card processing should be transparent to the retailers and the costs justified.

There is a misconception being borne in Ireland currently that a hike in merchant fees for

accepting debit cards is due to the arrival of the new schemes in the market, i.e. Visa Debit

and Debit MasterCard, while this is not the case.

IPSO proposes that, while interchange, either bilateral or multilateral, can be adequately

established between relevant market players, the focus of the Commission should be on

the costs charged to retailers by their card processors.

We believe that a continued scrutiny of the interchange fees charged at local and European

level is not helpful for the market, while the actual costs being charged, which do cause

an issue for consumers and retailers, are being ignored.

With regard to three-party schemes, IPSO believes that a level playing field is needed.

While national competition authorities regulate the payments industry, such regulation

should be consistent across the board such that all stakeholders can operate in a fair and

competitive market.

With respect to commercial cards, it is true to say that in terms of the cost of delivery of this

service and the negotiations required with large corporations, the economies are different.

As such it is justifiable that there may be a pricing differential for commercial card

acceptance.

4.1.2. Cross-border acquiring

Questions

(4) Are there currently any obstacles to cross-border or central acquiring? If so, what are

the reasons? Would substantial benefits arise from facilitating cross-border or central

acquiring?

(5) How could cross-border acquiring be facilitated? If you think that action is necessary,

which form should it take and what aspects should it cover? For instance, is mandatory prior

authorisation by the payment card scheme for cross-border acquiring justifiable? Should

MIFs be calculated on the basis of the retailer’s country (at point of sale)? Or, should a

cross-border MIF be applicable to cross-border acquiring?

Responses

IPSO is not aware of any obstacles to cross-border or central acquiring in Ireland.

Cross-border acquiring is currently operational with the existence of the international card

scheme brands throughout Ireland for both debit and credit. Irish-based acquirers have the

capability to accept cards from other jurisdictions and non-Irish acquirers are already

establishing themselves in this country, without issue.

The evolution of tools such as Smart Phones and iPads means that cross-border activity will

grow. The relevant interchange is set by the card schemes but local market conditions are

taken into account.

No further action is currently required, in our opinion.

It should be noted that both foreign and domestic acquirers operating within Ireland are

required to adhere to the local legislation, rules and regulation regarding card payment

processing.

On the subject of MIFs, the calculation of MIFs should be a matter for the relevant card

schemes and the location of the acquirer (i.e. where the transaction takes place) should be

taken into account, given the varying costs in each country for card processing.

4.1.3. Co-badging

Questions

6) What are the potential benefits and/or drawbacks of co-badging? Are there any potential

restrictions to co-badging that are particularly problematic? If you can, please quantify the

magnitude of the problem. Should restrictions on co-badging by schemes be addressed and,

if so, in which form?

7) When a co-badged payment instrument is used, who should take the decision on

prioritisation of the instrument to be used first? How could this be implemented in practice?

Responses

The benefits of co-badging are numerous including that issuers can offer many options to

their customers including ATM facilities, store loyalty options, transport and ticketing

options, personal ID, etc. However, there may be a potential for customer confusion,

especially where surcharges and restrictions are set by merchants for particular schemes,

card types or payment tools.

Laser Card in Ireland is a prime example, where the card is co-branded with the

international scheme Maestro but where a merchant may charge a higher rate for a

cardholder using the Maestro function, over use of the Laser function on the card. The

important thing here is that the industry provides choice for our customers while ensuring

security of payment products / instruments and avoiding customer confusion.

It is understandable that a card scheme would wish to restrict the options on a plastic card

or other payment instrument on which their brand would sit. The predominant scheme

should be permitted to be aware of the other brands and facilities that an issuer is placing

on their payment tools such that they do not affect the reputation of that brand. The issuer,

of course, should have the last word; within reason.

There can be restrictions by some card schemes, but most are justified. They have not been

an issue in the Irish market. Such restrictions should be a matter handled entirely between

the card scheme and their issuing members.

In Ireland co-badging exists on a reducing number of payment cards with the Irish-based

Laser Card Scheme co-badged with the international brand Maestro. The same card is also

co-branded with Cirrus, Link and Plus to facilitate the consumer’s use of ATMs domestically

and abroad. The benefits are two-fold, i.e. the cardholder can use their card at home at

both ATMs and POS but can also access POS and ATMs internationally. There are no known

apparent drawbacks.

Where an issue might arise, and a matter that the Commission does not appear to have

reviewed, is the co-badging of product types, e.g. where a single payment card might have

both credit and debit card facilities. There has been some debate in the market as to who

has the option when a card is presented with some parties suggesting that the retailer

should have the option. It is IPSO’s opinion that the cardholder should have the choice

whether it is their credit card function or debit card that is used during a given transaction.

It should be noted that this is not currently an issue in the Irish payments market, but

certainly something to consider for future reference.

In relation to mobile devices, while a number of separately identified payment products, i.e.

different ’apps’, could reside side by side on the device, the same rules should apply with

the co-badging of different payment brands on one individual payment app as to those for

payment cards; although this may be more difficult to police.

The introduction of another new framework would be confusing to the market. There is

absolutely no requirement for another one. The rules for SEPA card processing are already

in place today and are transparent and non-discriminatory. An entity laying out terms and

fees for access to card processing infrastructures could be seen as being anti-competitive. It

would restrict market players and most likely prevent growth and innovation. Adherence to

current clearing, settlement and card processing rules and criteria is currently not an issue.

4.1.4. Separating card schemes and card payment processing

Questions

8) Do you think that bundling scheme and processing entities is problematic, and if so why?

What is the magnitude of the problem?

9) Should any action be taken on this? Are you in favour of legal separation (i.e. operational

separation, although ownership would remain with the same holding company) or ‘full

ownership unbundling’?

Responses

Unbundling of schemes and processes is largely the norm within the SEPA-zone (according

to the various card schemes).

Issues may arise for Schemes that wish to compete with processing entities. The

requirement could possibly be seen as anti-competitive?

The case in Ireland is that, in practice, while card issuers are in negotiations with card

schemes they are being offered processing services, but have the option not to adopt those

services and therefore the banks have the choice to accept processing services from the

schemes or to use other parties to do so.

IPSO believes that legal separation is sufficient in this regard.

4.1.5. Access to settlement systems

Questions

10) Is non-direct access to clearing and settlement systems problematic for payment

institutions and e-money institutions and if so what is the magnitude of the problem?

11) Should a common cards-processing framework laying down the rules for SEPA card

processing (i.e. authorisation, clearing and settlement) be set up? Should it lay out terms

and fees for access to card processing infrastructures under transparent and non-

discriminatory criteria? Should it tackle the participation of Payment Institutions and E-

money Institutions in designated settlement systems? Should the SFD and/or the PSD be

amended accordingly?

Responses

It is true to say that under the PSD the new players to the card payments market can and do

become banks in their own right, which avoids the need for a sponsor bank.

The experience in Ireland is that this is not problematic as new players on the market tend

to use sponsor banks for their clearing and settlement. The risks should be considered by

the sponsor institution while ensuring that their ‘customer’ complies with a minimum

required set of standards, especially with regard to the security and integrity of the

payments. Both parties should ensure that clearing and settlement is carried out such that

consumers and retailers are not affected by delays in payment, or similar.

IPSO believes that there should be greater controls and a more active role by the regulators

with the new players in the payments market, to avoid any undue risks to retailers and

consumers, while the new parties might be less familiar with the problems that can arise in

the payments system and with handling such risks as fraud, cybercrime attacks, and general

customer queries / disputes.

4.1.6. Compliance with the SEPA Cards Framework (SCF)

Question

12) What is your opinion on the content and market impact (products, prices, terms and

conditions) of the SCF? Is the SCF sufficient to drive market integration at EU level?

Are there any areas that should be reviewed? Should non-compliant schemes disappear

after full SCF implementation, or is there a case for their survival?

Response

The requirement to comply with the SCF has led to the cessation of some smaller national

card schemes. For some countries this has meant that initial processing costs and charges to

consumers and retailers have changed (increased for the most part). That said, the SCF is

important for the future of card payments and should be adhered to by all banks involved in

card payments. Adherence should lead to greater competition (having a set of standards in

place means that new entrants to the market can slot in easily to any part of the card

payments chain). After full implementation, non-compliant schemes should be reprimanded

by the relevant authority and their needs addressed, to ensure future compliance.

Certainly the areas of security and fraud prevention should be reviewed on a regular basis to

keep up with the fast changing fraud trends in the card payments market. Future threats

should be considered in more detail.

4.1.7. Information on the availability of funds

Question

13) Is there a need to give non-banks access to information on the availability of funds in

bank accounts, with the agreement of the customer, and if so what limits would need to be

placed on such information? Should action by public authorities be considered, and if so,

what aspects should it cover and what form should it take?

Response

IPSO is not entirely clear on the purpose of this question. Is the Commission asking if

retailers can have direct access to Cardholder bank account information?

Such access to bank account information is a matter for each country while data protection

legislation varies in every one and should be taken into consideration. Customers should be

aware, when dealing with their card issuer, if third parties are accessing their information.

Non-banks currently operating in the card payments arena appear to work without issue

while not accessing account information. If this were to change, there need to be security

standards in place to ensure the protection of the customer information and the integrity of

the card payments system.

All retailers have available to them an online authorisation process which when used

correctly at POS can verify that customers have sufficient funds in their accounts to cover

transactions taking place. There is an obligation on the Card Issuers, through the online

authorisation process, to verify this information in real time. It is in the issuers’ interests to

verify that information. On that basis, we are confused somewhat at the Commission’s

suggestion that the banks ‘may refuse to cooperate’.

If the Commission is referring to third party PSPs which act on behalf of card issuers and

acquirers for various reasons, such as for the processing of internet sales, etc. then there

should be strict agreements in place between those PSPs and the banks in question, with an

emphasis on the security of customer data.

IPSO believes the security of customer data to be of paramount importance.

4.1.8. Dependence on payment card transactions

Question

14) Given the increasing use of payment cards, do you think that there are companies

whose activities depend on their ability to accept payments by card? Please give concrete

examples of companies and/or sectors. If so, is there a need to set objective rules

addressing the behaviour of payment service providers and payment card schemes vis-à-vis

dependent users?

Response

Most e-commerce merchants now have a number of payment options available to them, in

addition to card payments, for example PayPal. Most retailers will choose to accept cards on

the basis of cardholder preference as well as for the security (payment guarantee) that they

provide (e.g. 3D Secure).

Regarding rules to address the behaviour of payment service providers, these are already

established by the card schemes / banks. Any issues that might arise are addressed on a

case by case basis.

IPSO believes that there should be greater intervention by the regulator in future as new

third parties enter the payments market, which do not act in accordance with payment

processing standards.

The rules should also be considered to ensure they are not prohibitive, e.g. by inadvertently

making cards the standard form of payment, especially if surcharging is imposed by

retailers, which is done in many instances.

4.2. Transparent and cost-effective pricing of payment services for consumers, retailers and other businesses

4.2.1. Consumer — merchant relationship: transparency

Question

15) Should merchants inform consumers about the fees they pay for the use of various

payment instruments? Should payment service providers be obliged to inform consumers of

the Merchant Service Charge (MSC) charged / the MIF income received from customer

transactions? Is this information relevant for consumers and does it influence their payment

choices?

Response

IPSO believes that provision of this information from retailers to consumers would be

impractical while a full list of economic costs would be needed.

The provision of such information should not be the norm, rather it should be an option for

a retailer in the event a consumer questions the pricing on, for example, a surcharge or

handling fee which may clearly vary depending on the brand of card used or the method of

payment. There should be no restrictions on retailers in providing this information, which

should be entirely a matter for them.

While the merchant should have the option, we believe that it would be difficult for a

merchant to clarify the actual cost of an individual payment card transaction to their

customer given that the MSC paid by them includes a number of things including the cost of

processing a given sale. If a retailer is obliged to provide such information then we believe

they should also be required to provide details on the costs of processing and managing

other types of transactions such as payments by cash, cheques, drafts, etc.

For those retailers which choose to disclose their costs to customers, there should be a

requirement for them to provide accurate details, for example in the case of certain airlines,

the level of surcharging and high fees described to customers as covering the cost of the

consumer using their debit or credit card, should be transparent and true.

It is important that there is transparency around merchant surcharges.

It is also of the utmost importance, as far as IPSO is concerned, that the decision regarding

the payment type should be entirely up to the consumer. Retailers should not be

encouraged to steer cardholders towards one payment method over another – especially if

the forced choice is disadvantageous to the customer.

A study carried out by Accenture a number of years ago found that the costs for processing

cash and cheques through the payments system were in the area of 1% of GDP. These costs

included such things as security, processing, handling fees, staff management, bank charges,

printing, etc. These costs are generally not taken into account by retailers in their day to day

work, while their card payment charges are transparent – appearing in print in their

monthly statements.

IPSO believes strongly that if the Commission feels that retailers should be obliged to

provide details to customers on the cost of processing card payments, they should also be

required to give an account of their cash and cheque handling costs.

4.2.2. Consumer — merchant relationship: rebates, surcharging and other steering practices

Question

16) Is there a need to further harmonise rebates, surcharges and other steering practices

across the European Union for card, internet and m-payments? If so, in what direction

should such harmonisation go? Should, for instance:

– certain methods (rebates, surcharging, etc.) be encouraged, and if so how?

– surcharging be generally authorised, provided that it is limited to the real

cost of the payment instrument borne by the merchant?

– merchants be asked to accept one, widely used, cost-effective electronic

payment instrument without surcharge?

– specific rules apply to micro-payments and, if applicable, to alternative digital

currencies?

Response

- It is IPSO’s opinion that discounts and surcharges offered by retailers should not

restrict the use of more efficient payment methods such as card payments and

electronic payments, over the use of cash and cheques. Surcharges, especially

excessive charges should be justifiable, i.e. they should reflect the cost to the

merchant for accepting a given payment method.

While the PSD offered the option to most countries to legislate against surcharging,

the Irish market chose not to do so. As such, merchants continue to charge excessive

fees for card payments over legacy payment types, while under the (incorrect)

impression that the legacy ones are cheaper for them, e.g. cash.

- IPSO believes that while surcharging is allowed within the legislation in Ireland, the

fees actually charged by merchants to their customers for using specific types of

payments should be transparent, and should not exceed the cost to the merchant

for accepting the payment method in question.

- Regarding merchants accepting one, widely used, cost-effective electronic payment

instrument without surcharge, it is difficult to see how this could be identified by a

single merchant. That is to say that a merchant should be able to accept any

payment method that is available to his customer from their bank or financial

provider. Payment methods should not be restricted to one single type or tool. This

would be restrictive on both retailer and consumer.

- Regarding the suggestion to implement rules for micro-payments, we believe that

there are sufficient rules in place. The card schemes and acquirers offer incentives

through varied pricing arrangements for low value transactions carried out in a

contactless environment. The industry aims to promote more activity on contactless

cards for low value payments, and to encourage the use of these payments as an

alternative to using cash.

4.2.3. Merchant — payment service provider relationship

Question

17) Could changes in the card scheme and acquirer rules improve the transparency and

facilitate cost-effective pricing of payment services? Would such measures be effective on

their own or would they require additional flanking measures? Would such changes require

additional checks and balances or new measures in the merchant-consumer relations, so

that consumer rights are not affected? Should three party schemes be covered? Should a

distinction be drawn between consumer and commercial cards? Are there specific

requirements and implications for micropayments?

Response

The current card scheme and acquirer rules provide sufficient transparency on the pricing of

payment services.

The various interchange rates are available to retailers in the public domain, on the websites

of each card scheme. This enables shops to see the cost to their acquirer for processing

transactions under each card type / brand. There is transparency with MSCs where charges

to merchants for management services, terminal rental, till roll costs, customer services,

authorisations, etc. are made clear as a norm and are broken down on the customer’s

statement, as issued by their acquirer.

This knowledge enables competition while merchants can shop around for the best value

available to them.

We believe that there is no further change required in this regard.

4.3. Standardisation

Card payments

Question

18) Do you agree that the use of common standards for card payments would be beneficial?

What are the main gaps, if any? Are there other specific aspects of card payments, other

than the three mentioned above (A2I, T2A, certification), which would benefit from more

standardisation?

Response

Yes, common standards are a requirement for card payments. They are beneficial for

current and potential market participants. There is sufficient work being undertaken by the

European Payments Council to develop a minimum set of standards required for all parties

in the card payments market.

IPSO believes that no further action is required at this time.

Question

19) Are the current governance arrangements sufficient to coordinate, drive and ensure the

adoption and implementation of common standards for card payments within a reasonable

timeframe? Are all stakeholder groups properly represented? Are there specific ways by

which conflict resolution could be improved and consensus finding accelerated?

Response

These requirements are adequately met through the work of the European Payments

Council Cards Working Group and Card Stakeholder Group. Full engagement is required by

all stakeholders in the POS payment market, to ensure that all relevant bodies input to the

work being done to create a minimum set of required standards.

IPSO is not aware of a conflict currently that needs to be addressed. It should be noted

however that the work in hand to develop the standards should not be force-accelerated as

such a move could lead to inefficiencies and missed steps. Card payments are complicated

and the production of standards for same cannot and should not be rushed.

Question

20) Should European standardisation bodies, such as the European Committee for

Standardisation (Comité Européen de Normalisation, CEN) or the European

Telecommunications Standards Institute (ETSI), play a more active role in standardising card

payments? In which area do you see the greatest potential for their involvement and what

are the potential deliverables? Are there other new or existing bodies that could facilitate

standardisation for card payments?

Response

Work being carried out by the EPC Card Stakeholders Group and EPC Cards Working Group

has progressed for some time and is due to be finalised soon. It would be detrimental to this

process to start afresh with a new entity. This would cause undue delays to market players

which are already making changes to processes, systems and rules. There is no requirement

for new parties to play a more active role in the already successful process.

Question

21) On e- and m-payments, do you see specific areas in which more standardisation would

be crucial to support fundamental principles, such as open innovation, portability of

applications and interoperability? If so, which?

Response

IPSO believes that as long as the providers of e- and m-payments adhere to the security

standards and operational rules for payments, there should be no difference in the

requirements here than for any other payment gateway. The work being done at EPC on

standards for payments includes such methods as e- and m-payments, so IPSO believes that

no further standardisation is required here.

Question

22) Should European standardisation bodies, such as CEN or ETSI, play a more active role in

standardising e- or m-payments? In which area do you see the greatest potential for their

involvement and what are the potential deliverables?

Response

As per response to Question 20.

4.4. Interoperability between service providers

Question

23) Is there currently any segment in the payment chain (payer, payee, payee’s PSP,

processor, scheme, payer’s PSP) where interoperability gaps are particularly prominent?

How should they be addressed? What level of interoperability would be needed to avoid

fragmentation of the market? Can minimum requirements for interoperability, in particular

of e-payments, be identified?

Response

There are no such gaps. All card payment matters are being addressed sufficiently by the

EPC Cards Working Group, through the SEPA Cards Framework and The Volume (the Book of

Requirements).

Question

24) How could the current stalemate on interoperability for m-payments and the slow

progress on e-payments be resolved? Are the current governance arrangements sufficient

to coordinate, drive and ensure interoperability within a reasonable timeframe? Are all

stakeholder groups properly represented? Are there specific ways by which conflict

resolution could be improved and consensus finding accelerated?

Response

IPSO believes that there is a perceived fragmentation of the European market when

compared with the Asian or Kenyan markets, for example, which are more progressive in the

rollout of m-payments in particular.

IPSO supports payment developments and customer choice. While as an industry we can

provide solutions to consumers, we cannot push usage of the new technologies or payment

tools.

4.5. Payments security

Question

25) Do you think that physical transactions, including those with EMV-compliant cards and

proximity m-payments, are sufficiently secure? If not, what are the security gaps and how

could they be addressed?

Response

Securing these types of payments is a matter for card issuers (to enable their cardholders to

protect their data) and merchants (to protect their businesses). The current EMV standard

has proven to be sufficient in this regard.

Security is critical for new forms of payments such as e- and m-payments. The industry has

invested hugely in security and IPSO believes that all new players in the market need to

meet the existing standards; with a special emphasis on consumer protection.

It would be prudent to have a set of industry recommendations and / or standards to ensure

the integrity of the card payments systems, especially while ecommerce card fraud

continues to persist. The Volume, as developed by the EPC, which outlines the required

standards, should be used for this purpose.

There is no evidence to suggest that proximity payments are any less secure than physical

card payments currently.

Question

26) Are additional security requirements (e.g. two-factor authentication or the use of secure

payment protocols) required for remote payments (with cards, e-payments or

m-payments)? If so, what specific approaches/technologies are most effective?

Response

There are solutions currently available in the market, which are proven, such as the use of

3D Secure, CAPs, etc. These have proven to be successful mitigants to payment fraud.

We believe that there are areas for improvement in security for the online and mobile

payment infrastructures. Unlike payment cards, there is no 2FA equivalent to, for example,

Chip & PIN for online or mobile payments and as such it is only a matter of time before

widespread fraud becomes an issue in this area.

The industry will continue to evolve and to produce new solutions to new payment fraud

trends. There is sufficient policing of the issues currently done by the card schemes and

through the work being done by the EPC.

IPSO believes that the industry security standards need to be sufficient, to avoid any

reputational risks. For example, a recent well-known industry project to introduce an

e-payment platform has been shown to be lacking in adherence to the minimum security standards,

while it leaves security measures up to each bank. There are solutions available in the

market and it is essential that minimum standards are in place to ensure integrity of the

e-payments process.

Question

27) Should payment security be underpinned by a regulatory framework, potentially in

connection with other digital authentication initiatives? Which categories of market actors

should be subject to such a framework?

Response

IPSO believes that it makes sense to have e- and m-payment security. A minimum set of

standards with which the market can comply would benefit all parties.

To date the self-regulation approach by EU banks has proven to be effective. The industry

wants standards and as such will comply with those agreed by the relevant EPC working

groups and which have been approved by the EPC Plenary. The ECB is represented on all

relevant EPC working groups, providing a neutral position on all matters that may arise.

IPSO believes that no further regulatory frameworks are required in this space.

Question

28) What are the most appropriate mechanisms to ensure the protection of personal data

and compliance with the legal and technical requirements laid down by EU law?

Response

Currently all banks consider the security of their customers’ financial data to be of the

utmost importance. However, there should be a distinction made here between personal

and financial data. New players such as Google and Facebook tend not to hold financial data

and perhaps appear to take less interest in the security of their customers’ data.

As the market grows and evolves, data security becomes even more critical. In the future we

can use what has worked to date but new players in the payments market need to be

compliant with the existing security standards into which existing banks and financial

institutions have invested hugely.

IPSO believes that there are appropriate mechanisms in place to ensure the protection of

personal data and compliance with the legal and technical requirements under EU Law,

through local and European governance.

5. STRATEGY IMPLEMENTATION/GOVERNANCE

5.1. Governance of SEPA

Question

29) How do you assess the current SEPA governance arrangements at EU level? Can you

identify any weaknesses, and if so, do you have any suggestions for improving SEPA

governance? What overall balance would you consider appropriate between a regulatory

and a self-regulatory approach? Do you agree that European regulators and supervisors

should play a more active role in driving the SEPA project forward?

Response

The ECB is currently involved as an overseer on many if not all of the EPC working groups.

The contribution by the ECB to date has been useful for EPC members and has ensured

clarity on the needs of the Eurosystem with regard to payments systems and compliance

with rules and standards already agreed.

The timelines and work plans of the EPC have worked to date. Any issues which public

authorities have with this should be addressed directly between that body and the EPC,

without the need for the bodies in question to participate in or provide new governance for

the existing process.

5.2. Governance in the field of cards, m-payments and e-payments

Questions

30) How should current governance aspects of standardisation and interoperability be

addressed? Is there a need to increase involvement of stakeholders other than banks and if

so, how (e.g. public consultation, memorandum of understanding by stakeholders, giving

the SEPA Council a role to issue guidance on certain technical standards, etc.)? Should it be

left to market participants to drive market integration EU-wide and, in particular, decide

whether and under which conditions payment schemes in non-euro currencies should align

themselves with existing payment schemes in euro? If not, how could this be addressed?

Response

The EPC Card Stakeholder’s Group sufficiently captures the needs of all stakeholders in the

market, through representation from relevant sectors, including card schemes, banks,

retailers, vendors, etc.

The EPC also ensures that any new standards and / or proposals regarding changes to the

card payments system are circulated for public consultation, on a regular basis, giving

opportunity to all stakeholders to submit their input to the work being done.

IPSO believes that there is a risk of over-regulation in areas which could lead to less

competition, a reduction in innovation and to costly changes within the market – more so

than there have been already.

Question

31) Should there be a role for public authorities, and if so what? For instance, could a

memorandum of understanding between the European public authorities and the EPC

identifying a time-schedule/work plan with specific deliverables (‘milestones’) and specific

target dates be considered?

Response

Card payments are complicated. To produce a key set of minimum standards and

requirements for all stakeholders takes time, as all of the stakeholders need to be

involved and need to make costly changes to their software, hardware and their own internal

rules and operational structures. IPSO believes that the EPC is sufficiently managing the

production of the relevant standards within realistic time frames.

While existing banks are committed to complying with the relevant SEPA requirements and

standards, we are concerned that there is currently no onus on other stakeholders in the

retail market to make such commitments. The Commission should consider how compliance

by these third parties can be achieved. The banking industry has already firmly committed

to doing the work required and to complying with the relevant standards. To ensure a level

playing field there should be a method in place to guarantee that new and / or third party

stakeholders achieve the same level of compliance.

6. GENERAL REMARKS

Question

32) This paper addresses specific aspects related to the functioning of the payments market

for card, e- and m-payments. Do you think any important issues have been omitted or

under-represented?

Our comments here are twofold:

- One point that stands out in the Green Paper is the lack of interest in the consumer.

The cardholder insights are thin while the paper appears to take the view of the

retailer / merchant and less so the consumer. IPSO believes that the needs of the

consumer from a cost, efficiency, innovation, security and practical point of view

should be considered further by the Commission.

While public consultations can be issued to certain relevant bodies, it is difficult to

reach the consumer, to get their view and details on their wishes for retail payments

of the future. Perhaps the Commission can seek to develop a mechanism to reach

consumers – to ask their view on card, e- and m-payments.

- The Green Paper appears to hold little regard for the need to ensure that new

players in the market which have not been involved in banking or payments are

compliant with at least the minimum security standards. The safety and security of

consumers is paramount and while banks are heavily regulated in this area, there

needs to be a level playing field such that security of all payments is a requirement

across the board.

IPSO Key Messages

IPSO fully supports the goals of the paper including in particular:

- The necessity for consumer choice

- The need for innovation in payments

- The need for customer safety and security, and

- The need for competition in the market

Consumer Choice

While banks and payment providers have a future view of payments and payment types,

none of us can predict what consumers will want to use, nor can we force consumers to use

one payment method or tool over another.

We believe that there should be better communication between payment providers,

regulators and consumers, with a relevant portal for that communication. All market players

should have a relevant channel to help them to understand the needs of consumers better

and to meet those needs, through providing better choices while ensuring security and

safety of the consumer.

Innovation

The speed to market of innovation has increased dramatically in the past ten years,

especially in the area of internet, mobile and contactless card payments. We believe that

the industry should promote the benefits of innovation in payments to both consumers and

retailers.

Regulation and standards should neither impede innovation nor prevent the market from

investing in new payment methods and tools. The market should be encouraged by

regulators to increase acceptance of new payment tools while considering consumers’

needs, through communication with consumers.

IPSO believes that consumers should be encouraged by the payments industry to use the

new technologies available to them while ensuring their trust in the systems and new

payment tools.

We believe that the costs for using current and future payment tools should be transparent

to both retailers and consumers and that they should have the choice to adopt new

technologies.

Customer Safety & Security

IPSO believes that the industry needs to provide choice for our customers while ensuring

security of the products and avoiding customer confusion. We believe that certain areas of

security and fraud prevention should be reviewed on a regular basis by the industry, to keep

up with the fast changing fraud trends in the payments market. Future threats should be

considered in more detail by the regulator – on an on-going basis.

Security is key to consumer trust and the industry needs to ensure that customer trust is

upheld today and in the future, as the payments market changes and new methods of

payments become available to our customers.

The industry should encourage not only the secure use of the payment tools they provide,

but the additional tools used by consumers such as PCs, smart phones, etc. There is an onus

on the industry to fully inform consumers on the risks and dangers of payment fraud and

more importantly on the solutions and preventative methods available to them, both

through the payments industry as well as through use of technology such as anti-virus and

anti-malware software, etc.

We believe that this is an area that needs constant review, ensuring the on-going integrity

of the payments market. There are many moving parts within the payments industry and

the provider of each part needs to ensure that their area is secure.

IPSO believes that the industry security standards need to be sufficient, to avoid any

reputational risks.

Competition

IPSO believes that a level playing field is needed for the payments market. While national

competition authorities regulate the payments industry, such regulation should be

consistent across the board such that all stakeholders can operate in a fair and competitive

market.

The EPC SEPA Cards Framework is important for the future of card payments and should be

adhered to by all banks involved in card payments. Adherence should lead to greater

competition (having a set of standards in place means that new entrants to the market can

slot in easily to any part of the card payments chain).

~end~