The new issues of security of payments

In fact, not only PSD2 – with its famous RTS SCA – but also AML and GDPR have a strong impact in this field. Furthermore, at a prospective level, security of payments is also impacted by new issues linked with Internet giants’ strategies and the consequences of the opening of the market. This topic is analysed in Partelya Consulting report about “The New Issues of Security of Payments “ written by Andréa Toucinho, Director of Studies, Prospective and Training, which will be released in payments market in September 2019.

PSD2, AML and GDPR contribute to the creation of a new legal framework in the field of security of payments. In fact, PSD2 and its RTS, which has to be applied in European payments market in September 14 – even if European Banking Authority (EBA) showed some flexibility in its opinion paper of June 21 – will bring a new model in security of payments: the importance of strong authentication.

This situation is linked with new uses and the increase of e and mcommerce payments, which open more risks for consumers. We can mention the fact that in many European countries, new generations show more and more interest for electronic transactions and mcommerce. For instance, in Italy, the growth of m-payment is twice more important that European average. In the Netherlands, the use of instant payment is boosted by mobile uses. And in Portugal, the success of SIBS MBWay solution also testifies to this reality. Confronted with such new uses, European authorities are aware that the security of payments has to be reinforced.

A new legal framework is emerging

The payments market is also impacted, in the field of security, by two other legal texts, also linked with new uses: GDPR, which brings a European framework in data protection and asks many questions about the relation between payments and data, and AML with the reinforcement of payments in the risk policies, above all in relation with the combating of the financing of terrorism. As an example, we can mention the fact that prepaid cards have been addressed in the 4th AML directive, whereas the 5th one addressed more specifically the issues of digital technologies. Data remains also a big issue when we know that the evolution of KYC technologies asks many questions about the relation between payments and GDPR legislation. Furthermore, we cannot forget the experimentations of financial entities in the field of personalisation, which have to be analysed in relation with this new legal framework. The evolution of biometry, for instance face recognition, or even Internet of things, bring many questions about data privacy and these questions will have to be dealt with by all actors of the market. Consequently, nobody can deny that a new legal framework, built by the relation between all these legal texts and innovations of the market, is emerging.

The challenges of compliance

This evolution has a great impact for compliance officers who have to deal with more administrative processes and to manage many different issues. According to lawyers and compliance officers from many institutions, their work will live and evolve to a more opened and multifunctional role. Compliance officers will have to work more and more with other functions in the company – technology, marketing, innovation… - and will have a more strategic role in the payments market. For instance, they will have to develop a strategic vision in analysing the perspective of new technologies, such as artificial intelligence, for the evolution of their work. Their role in payments companies will be more and more strategic for the building of new solutions and the development of new strategies.

Internet giants: new models?

Other issue about security is the opening of the market. This situation is, nowadays, a reality, and not only European institutions – such as European Commission – but also actors aim at reinforcing it. This new deal brings more opportunities but also questions about the future of payments in an opened and multisectorial context. The diversity of actors can be a huge question in terms of security when the market realises that Internet giants – such as GAFA and BATX – don’t have the same rules and strategies as banks and fintechs, and will bring, consequently, new models which can impact the stability of the sector.

This leads to a question, which is more and more important when we know that national positions are diverse in Europe. For example, if French institutions pay a huge attention to the risks linked with these Internet actors, Portuguese and Spanish ones are more opened and convinced that partnerships between financial institutions and Internet actors can bring value to the market. In addition, new technologies, born with digital, like crypto-assets, may also impact the sector. This situation has already been proven with the questions about Bitcoin or, more recently, Libra, the new initiative of Facebook.

This situation reinforces the fact that European actors have to work together to develop a common vision and strategy. Furthermore, the European consumer has to be informed about the new issues of the market, as the information and communication represent the guarantee that innovations will be integrated with a same level of security, as wanted by European authorities.

About Andréa Toucinho

Payments and financial services expert, Andréa Toucinho worked during 10 years as Journalist - Editor in Chief of Point Banque magazine and Head of PayForum and Banque et Innovation events. She works since 2018 in consulting area with activities in Paris as Director of Studies, Prospective and Training of Partelya Consulting, and Ambassador for France of European Women Payments Network (EWPN). She also developed activities with Portugal and Spain as France Representative of Aefi and Afip Fintech Associations.