Chris Hemsley - PayExpo Payments Leaders' Summit on regulation of Open Banking, payment competition and fraud in interbank payments - 5 October 2021

05/10/2021

Speech PayExpo Chris Hemsley

This is the text of the keynote address as drafted and may differ from the delivered version. This keynote was delivered by our Managing Director, Chris Hemsley at the PayExpo Payments Leaders’ Summit, providing thoughts on Open Banking, payment competition and fraud in interbank payments. 

Good morning, I’m Chris Hemsley, the Managing Director of the Payment Systems Regulator, and I’d like to talk to you about burgers, hotdogs and innovation in payments - three things you’ve probably not heard mentioned in one sentence before.

Bear with me…

When not regulating payments, I help to organise a fundraising barbeque for my local, community rugby club. While reasonably successful in the past, our parents increasingly expect to be able to pay with a card or mobile phone. We had hotdogs; they had money; but we needed a simpler means of exchange.

So we took the plunge into the world of digital payments. As the person voted to know most about payments (which was a relief!) I headed down to Argos and secured a payment terminal. The registration took a few minutes; the checks maybe an hour; and by 6pm that day, we had parents happily tapping mobile phones for burgers and hotdogs. The next working day our takings were transferred to us.

The sales reports, analytics and an ability to set up an online presence were too much for our volunteer sales team. But obviously valuable for more serious small traders.

New technology, innovation, competition and new entry working to bring new products to market. And behind them, reliable and secure payments being initiated, in ways that worked for a community fund raiser.

And an experience that would have been inconceivable only a few years ago.

Why do I raise this? Because a lot is going well in payments – and it is worth reflecting on it.

My own experience highlights the impact that innovation, commercial incentives and competition can have on real-world outcomes.  A theme that I will return to, as I now turn to the ‘to do’ list of issues that the PSR is grappling with – picking out two particular themes: competition and protecting people from fraud.

We recently set out our proposed strategy. And in it we highlight a particular risk that we see in payments – on competition.

In retail, we have historically relied on cash, cheques and card payments for our shopping. But the future of retail payments is increasingly about digital debit payments. New firms have entered and offered choice in terms of how to initiate these payments – Zettle, Square, Apple Pay, Google Pay and so on – but the bulk of these payments still rely on Visa or Mastercard.

In 2019, Visa provided over 95% of debit cards in circulation in the UK. Mastercard provided 60% of credit cards. These figures are now changing, as issuers switch between the two schemes.

But, is this form of competition – attracting issuers – working well for consumers and merchants?

Let’s consider some of the recent evidence.

Our work on card acquiring has set out analysis that suggests that scheme fees paid to Mastercard and Visa approximately doubled between 2014 and 2018. Our conclusions on this point will be published shortly.

Meanwhile, we have seen recent announcements of increases in certain card fees – focused on cross-border transactions – as previous regulatory constraints have been removed, as the UK left the European Union.

However, the absence of specific regulatory caps is not itself sufficient reason to increase particular fees, particularly if these increases are not obviously linked to costs.

Such pricing behaviour poses real questions about how well this market is working, and not just in the context of cross border interchange fees.

As we have made clear in our strategy, we want to unlock the potential of the interbank systems so that they present a viable option to accept greater volumes of retail payments. Ensuring that – at this structural level – UK payments have sufficient diversity and rivalry.

This is not a straightforward task and will take some time. It requires technical changes to upgrade our interbank infrastructure so that it works better for retail transactions – hence our continued focus on getting the delivery of the NPA right.

It also requires consumers to have confidence in using interbank payments – which means getting the right level of consumer protection. Again, reflected in our recent work.

A viable alternative to card schemes in retail payments would mean a more competitive market that requires less regulatory intervention in the longer term. But in the shorter term we might still intervene, including if scheme fees and interchange fees continue to rise unchecked. 

Achieving diversity in payments places significant importance on the role of Pay.UK. In particular, we need the central systems and – importantly – the scheme rules and charges to promote competition.

But this isn’t just true for Pay.UK. It is equally true for Open Banking.

Open Banking represents a real opportunity for more user control over payments, lower fraud risks, and new services. We need it to play its part in supporting competition and choice.

As Open Banking moves from being a competition remedy – guided by the Competition and Markets Authority – into being a business-as-usual part of the UK payments ecosystem, we need to make sure that it fulfils its potential.

Part of this is getting the right governance for the enduring body that will replace OBIE.

But – crucially – it is also about the regulatory oversight.

The payment aspects of this new Open Banking entity need effective regulation. This means regulation by the PSR – as with any other large-scale payment system.

Which takes me to my other significant priority area – fraud. Authorised Push Payment fraud, in particular.

Here, we have a significant and growing problem. A problem we have all inherited as the systems and rules for making interbank payments fail to protect customers. Criminals have learnt how to exploit this.

And it is a big problem. The latest figures from UK Finance report that criminals stole over £350 million, in a six month period - an increase of over 70% on the same period last year.

This is the first time APP fraud has exceeded card fraud.

So, what next; what can we all do to help?

First, we need to push forward with confirmation of payee across the market – making it harder for criminals to trick people through impersonation.

We also need to continue to improve the current, voluntary CRM code to achieve more consistency in how people are protected.

We will continue to work with our largest banks and building societies on these priorities.

But, today, I’d like to focus on three groups: those who are currently falling well short of where we need to be.

  • First - we need social media firms to step up and make it hard for criminals to seek out their victims using their platforms. Something that, as the FCA has highlighted, actually makes social media firms money from the adverts criminals place.
  • Second - we need to see action from payment firms who have not signed up to the CRM code and who are not offering similar levels of protection. You need to protect your customers.
  • And third – to those banking these criminals, however inadvertently - we need to know where the funds are going. Many of the sending banks are stepping up their efforts – but is there enough focus on where the funds are received ?

These three groups need to do more.

We have an important role too and we will be setting out our immediate next steps soon.

What can you expect?

Well, we have heard support for greater levels of transparency. So that customers know how well their provider is preventing fraud and protecting victims. But we have also heard support for making sure that this transparency is fair and balanced. So we are pressing on with plans for greater transparency – an important tool to drive better outcomes.

We also continue to work with Pay.UK and industry to identify and share more information. I know this is not easy – but we can and should aspire to a situation where once we have identified one victim, we move to prevent the receiving account from enabling any more crimes.

And, we want to move from voluntary protection to one that is mandatory. It is good that many of our largest banks and building societies offer protection – but many do not. Without mandatory protection, we have a very obvious weak link in preventing fraud and protecting victims.

But this requires a change in law to allow the PSR to act. We stand ready to do so, should government decide to make those changes.

As we make progress on these fronts, we also need to work towards a better, coherent future. We need to design out these vulnerabilities.

Here, I would like to pick up two particular points.

First, on the speed of payments, I am often asked about whether we should slow down payments to prevent fraud.

My very short answer is: no.

Our payment infrastructure needs to get faster, more reliable and more capable. It needs to do this to meet the challenges of supporting our increasingly digital world.

Instead, how banks OFFER payments to people needs to change.

We need to distinguish between what the central payments systems CAN do, and what is offered to customers for a particular transaction.

Today, very little distinction is made between an FPS transaction to a merchant and one to a friend. And the experience of making a small-value transaction is pretty similar to sending one for several thousand pounds.

And yet, a merchant transaction needs appropriate minimum consumer protection. It also often needs an instantaneous response . And would arguably benefit if the liability for errors rests with the receiving bank.

Whereas, my payment to a friend doesn’t REALLY need to arrive  instantaneously.

And neither does the payment to my lawyer handling my house purchase.

So, instead of slowing everything down, we need greater differentiation.

Keep what needs to be fast, fast.

But don’t initiate high-risk transactions that don’t actually need to settle instantly.

Second, as we think about the future, it is also right to consider what the commercial model should look like.

We have inherited a system with two very different models across cards and interbank transactions. This creates very different incentives on banks to support growth in new payment types, such as on open banking and within faster payments.

On the face of it, this suggests that we need to take a fresh look at how the commercial model can support a dynamic, competitive payments landscape in the future.

Conclusion

I have only had time to pull out a few of the challenges and issues we need – collectively – to address.

Many of these challenges are linked – future competition, the fight against fraud and the commercial model behind payments.

One of the challenges I have is balancing the need for immediate action against the need to make sure that in the longer-term we end up in an even better place. Both of these aspects are reflected in the statutory duties given to the PSR by Parliament.

But, I take comfort from the huge potential for technology, innovation, better use of data and commercial incentives to plot a route through. As my hotdog example showed, there is a lot to be celebrate in payments, but we must all make sure everybody feels the benefit, now and in the future.

Thank you.