„The future of commerce: the end to payment competition?“

Payment is not an end in itself

 

Payment is a growth market and exciting start-ups, new payment methods and interesting partnerships are emerging almost daily in 2020. Exorbitant sums are being paid by private equity firms and other market participants for payment companies, always in the hope of even greater growth and profits in the future. However, one should never forget that payment is not an end in itself. No one needs payment for the sake of payment. Payment is needed to enable trade. The exchange of goods and services for monetary value is the very purpose why payment services exist. It helps the many companies and people to sell their goods and services to other people and market participants. It is clear that customers and consumers like it when this is done as simple and smooth as possible. But probably no one would object if the annoying process of “payment” could be dispensed completely. Especially against the current background of the corona virus and the transmission of viruses via cash or payment terminals, many merchants point out the advantages of cashless and ideally even contactless payment. This leads us to a far-reaching thesis: the holy grail of payment would be to abolish itself – to make payment redundant. Well, maybe not redundant, but just to take a back seat and integrate seamlessly into the processes. That means completely silent. Without interaction.

 

Queuing up at the checkout is optimised

 

For some time now, the large supermarket chains EDEKA and REWE have been introducing services such as self-scanning for checkout as pilots in Germany, and much earlier abroad. If possible, the actual work should be outsourced to the end customer, with cashiers becoming increasingly redundant or reduced to a monitoring function. Unfortunately, one last process step is still left over – the customer still has to pay. The customer should also be relieved of the payment, and so concepts such as Amazon Go are currently being developed. Consumer electronics retailer Saturn is also experimenting with this type of easy and seamless checkout, and retailer chain Real is also piloting such tests. What they all have in common is that in one way or another they are trying to completely automate or eliminate the process of “putting goods on the conveyor belt and paying”. In some cases, customers have to use an app to scan the goods themselves and then pay for them in the app or at a payment terminal. Ideally, the customer simply walks out of the store with the goods in hand, smart technology recognises the customer and the goods and settles the purchase fully automatically, as for example with Amazon Go. The customers simply receive their receipt or invoice in the app or via email as soon as they leave the store. This payment process, which is very simple from the customer’s perspective, is already known from the Uber product. Everything the customer might notice is the debit on the bank account or he sees the debit on the credit card statement. For this purpose, the customer has usually registered somewhere beforehand, e.g. in an app, stored his desired payment method and authorised the payment once. The special thing about these processes is that they are remarkably similar to those used in e-commerce. The big difference to payment at the POS is that the customer no longer decides how to pay for each purchase, but rather only defines this once and authorises it accordingly for any payments in the future. Accordingly, this stored payment method is set forever or, in the case of credit cards, until the validity period expires. The competition of payment methods is over, the payment method is predefined and permanently stored. Amazon as the relevant player in eCommerce is increasingly transferring its expertise from the online world to the offline world. After the purchase of Whole Foods, Amazon is now experimenting with Amazon Go with its own physical stores and has already announced to offer this technology to other merchants.

 

IOT quickly becomes machine-to-machine payments

 

In 2020, more and more everyday devices are connected, will be smart and increasingly independent. This refers to widely used devices such as Google Home or Amazon Alexa, but also to the German’s favourite toy, the automobile. It won’t be long before the car can independently trigger payment at the gas station. The first initiatives such as Shell SmartPay or BPme are already moving in this direction. Paying without carrying out the actual payment process is already possible in voice commerce with Amazon Alexa. When ordering by voice, the shopping experience is reduced in extreme cases to a few words such as “Alexa, order new toilet paper!” In times of Corona, where toilet paper mutates into a status symbol, maybe not so bad. No more lenghty article selection with price comparisons and reading reviews. The decision on the choice of payment method? This has been done once during setup and will never be considered again. The payment is simply executed. Also at this point there is no more competition between payment methods.

Merger of POS and eCommerce leads to standardisation of payment methods

Omni-Channel is another important trend in retail. As a big buzzword driven through the village by the payment industry, this trend is slowly making its way into reality. Customers expect and demand a uniform shopping experience and the dissolution of the boundaries between stationary trading and online commerce. For customers of various retailers, it is now a matter of course to exchange goods purchased on the Internet or mobile in the next shop and vice versa. If a desired article is not available in the store, it can be delivered to the customer’s home without any problems. The customer expects a consistent experience, the stored shipping address should be as known to the stationary shop as to the online shop. The same applies to the payment methods. Seamless transitions, refunds and payment options. All a matter of course from the customer’s perspective. For companies, merchants and payment service providers, this means ample conversion measures, standardisation and harmonisation of legacy IT infrastructures, adaptation of ERP systems and processes and, above all, for service providers, of course, that they have to offer a one-stop solution. The retailer needs everything the customer demands for his business. All major payment providers have now adapted to this more or less well and optimised their systems, services and solutions. This shows that the two worlds not only converge, but that there can even be overlapping, integrated and interactive retail management processes. It is clear that this will also lead to the standardisation of payment alternatives and this is already being perceived as such.

 

The future of payment is the background

 

Handing over your hard-earned money is rarely fun. Agonizingly slow processes, tedious input of security features and remembering all those 3DS passwords… nobody really wants that. And a merchant only wants to make sales, i.e. conversion. The only ones who seem to like the complexity are the regulators that have just raised the bar a bit higher with the PSD2 and will make it a bit harder for the consumer to pay. Enough reasons for customers to mature their wish to banish this unpleasant process from their field of vision to the background. Paying with a quick look at the mobile phone (FaceID & ApplePay or Google Pay), a short button click (PayPal OneTouch) or simply walking out of the store (Amazon Go) – the actual payment process moves into the background and will be best if made almost invisible. Those who are able to place themselves first in this big trend and which the customer saves as his preferred payment method will be the winners of the next big era of payment. The less the customer has to do actively to participate in the payment process, the better customers will find it in the context of a value-added shopping experience. And then nothing will change for a long time. Why should the customer change his payment method when everything works quietly in the background? What incentive would he have? I mean… probably none or the payment provider has to buy the preference at a high price…

 

Making something appear simple is usually the biggest challenge

 

Apple invests millions, if not billions, in the development and design of its products. It is no coincidence that iPhones are so easy to use and have a very simple design. Anyone who has ever tried to paint a picture or design a website knows that it is incredibly difficult to make things look elegant and chic or to make an end-user process feel natural. The same is true when you’re trying to move payment in the background and make everything look easy. In depth, payment is incredibly fragmented and complicated. There are a multitude of protocols, regulations and market participants involved. The recent regulations on Strong Customer Authentication with the Payment Service Directive 2 and the new standard 3DS 2.0 that comes with it alone are dizzyingly complicated. Looking at Germany, the very decentralised and inhomogeneous POS infrastructure in particular is a major challenge. In order to achieve the necessary degree of standardisation and harmonisation here, which will be necessary to make the world of payments virtually invisible to the end customer, major challenges will arise for payment service providers, network operators, acquirers, merchants, schemes and regulators alike.

Just how challenging standardisation can be if it is to be achieved in an international context can be seen impressively in recent years in the attempt to introduce a uniform plug standard for charging mobile phones. The EU has been trying to push this forward for years and manufacturers, above all Apple, are becoming increasingly creative in circumventing EU regulations. The payment world will face similar challenges. None of the providers in the value chain will have any great interest in making themselves redundant and hiding in invisibility. The race of the payment providers to become the “all-rounder-Omni-Channel-one-stop-shop-payment-service-provider ” will continue in 2020, because everyone wants to be able to offer exactly that to their customers. Everything from a single source, seamlessly integrated, largely in the background and yet still earning good money as a company itself.

We are very excited to see which payment provider will be able to solve all these challenges of his business in the best possible way. It is clear that the distinction between online and offline is becoming increasingly blurred and representatives of both milieus are trying to cover this seamlessly…

„Fiscalisation: New cash registers for retailers in Germany?“

Fiscalisation will come into force in Germany on 01.01.2020.

The primary objective of this measure is to curb the generation of black money by documenting each transaction that has occurred. In a letter from the Federal Ministry of Finance dated 06.11.2019, it was announced to the contrary that merchants would be granted a further period of grace until 30.09.2020. The letter describes that merchants without an installed technical safety device for documentation purposes, do not have to fear any penalties until the deadline expires. Despite this transitional period, fiscalisation raises more questions than answers for merchants. In particular, it has not been fully clarified how the implied changeover will take place, what rules will apply and what will happen in the event of non-compliance. For this reason, the following blog article addresses the most persistent myths and subsequently deals in depth with the subject of fiscalisation.

 

The cash register obligation comes to Germany!

Fiscalisation and the associated “Cash Register Anti-Tampering Ordinance” (KassenSichV) are not to be confused with a cash register obligation. An obligation does not exist in Germany and is currently not planned, since the administrative expenses caused by this would be disproportionate from a cost-benefit point of view and it would involve a considerable high administrative burden. This applies in particular to weekly markets, community/club festivals or farm shops and street vendors as well as to persons who do not offer their services at fixed locations. Moreover, exceptions would not be legally definable. Thus, the range can go from an open cash register, through a mechanical cash register up to an EDP cash register.

 

I need to buy a new cash register!

Reality: If the cash register has been purchased later than 25.11.2010 (§ 30 Abs. 3 zu Art. 97 EGAO), GoBD compliant and cannot be upgraded, a transitional period until 01.01.2023 applies. If the cash register can be upgraded, the upgrade has to be done by the cash register system manufacturer accordingly.

 

Certified cash register system: Cash registers must be certified from 01.01.2020!

No, only the technical safety device / software must be certified. This device consists of a security module, which logs the cash register entries at the beginning of a recording process to prevent subsequent manipulation, a storage medium, which stores the individual records for the duration of the statutory storage obligation, and a holistic, digital interface to ensure smooth data transmission for auditing purposes. As already mentioned at the beginning, despite the entry into force of the KassenSichV, for the time being there will be no sanction for violations of implementation.

 

The KassenSichV comes into force on 01.01.2020?

Yes, the KassenSichV will officially come into force on 1 January 2020. However, the letter published by the Federal Ministry of Finance dated 06.11.2019 shows, that recording systems within the meaning of §146 of the Fiscal Code (Abgabenordnung, AO) which do not have a technical safety device will not be objected to until 30.09.2020. This also means that the digital interface of the fiscal administration for cash register systems (DSFinV-K) published in August 2019 is not applicable.

 

What exactly is a fiscalisation? Am I GDPdU and GoBD conform and what has the paragraph §146 AO to do with it? Do I have to buy a new cash register/tablet or even exchange my hip cash register system in a slim design into one of the chunks from the old days?

 

Computers and the associated possibilities are part of everyday life today. This also applies to the electronic processing of data. In the course of the last century, systems for bookkeeping reconverted from their original, paper-based version to electronic systems for bookkeeping. Unfortunately, these electronic accounting systems have often been misused to allow unverifiable manipulation of sales data and the related evasion of taxes and social security contributions. In order to limit this evasion, in the 1980s the first data carriers were utilized to store sales data. The resulting process, aimed at storing sales data and thus the public treasury, became known as fiscalisation.

 

Almost 40 years after the first fiscal storages were used, a comprehensive ordinance, the so-called KassenSichV, should be developed and enforced for the electronic cash register landscape. The fiscalisation of electronic cash registers and their requirements serves exclusively to fight merchants who process funds tax-free and thus gain a competitive advantage over those who declare their sales turnover properly. This topic has special relevance, since current cash register systems have back doors installed, which can be exploited by users. Multiway, a cash register system manufacturer mainly for Asian restaurants that apparently made it possible to cancel booked items in order to evade taxes, caused quite a stir with this function in early 2019. In some cases, the will to evade taxes goes so far that customers only purchase a new cash register if it allows the cancellation of transactions without evidence. Thus, a state regulation – which would not have been necessary if the manufacturers of cash register systems had consistently complied with the regulations – would not only reduce potential black money but also eliminate the financial advantage of evading merchants.

 

In order to gain a better insight into the forthcoming fiscalisation of the German cash register landscape and its requirements, some terms such as GoBD, Kassensicherungsverordnung or §146 AO must be clarified.

 

The GDPdU or “Regulation on data access and auditability of digital documents”, which came into force on 01.01.2002, for the first time held the tax payer accountable by contributing to an administrative regulation. As a result, merchants had to archive all tax data for 10 years and make it available to the tax authorities during an audit if required. On 01.01.2015 the GDPdU was replaced by the GoBD. The GoBD or “Principles for the proper keeping and storage of books, records and documents in electronic form as well as for data access”, contains as administrative regulation that an immutability of the data must be given. In addition, the individual recording obligation as well as the possibility of data export in a predefined format belong to the general principles of the GoBD. The simple storage of cumulative shift sales in the form of so-called Z-reports, i.e. the day-end closing reports at the cash registers, is not sufficient. Compliance with the directive on protection against manipulation must be guaranteed by the cash register manufacturers. However, actual control lies with the competent tax offices. In this context relevant, neither the GDPdU nor the GoBD have the enforceable effect of a regulation, since only the principles of orderly bookkeeping (GoB) are regulated in the Fiscal Code. Due to the fact that the Ministry of Finance has not made a clear statement as to which criteria an electronic cash register must meet in order to be compliant, the GoBD does not necessarily offer legal certainty.

 

In contrast to GDPdU and GoBD the KassenSichV is a regulation of the Finance Ministry which prescribes as obligatory new standards for the prevention of manipulations at cash registers. The KassenSichV of 26.09.2017 is based on the Act on Protection against Manipulation of Digital Basic Records from 16.12.2016. From 01.01.2020 onwards, cash registers in Germany whose design permits it technically must be equipped with a so-called technical safety device (TSD). The security device stores the transactions of the cash register in its internal memory and returns a code to the cash register. This code shall be printed on each sales receipt. The data must be stored in a protocol that can be exported by the tax office. Cash registers purchased between 25.10.2010 and 31.12.2019 which cannot be upgraded may be renewed until 31.12.2022.

 

Although the terminology has now been clarified, the question of legal enforcement and the consequences for merchants in the event of non-compliance remains. The regulations for reviewing transaction data states that a cash auditor may enter the shop unannounced during normal business hours and observe the use of the cash register (no identification requirement; keyword test purchase). In addition, the auditors may require the management (or a qualified representative) to conduct a cash check (ID card requirement). In addition to business premises, this also applies to sales vehicles, e.g. food trucks. If the audited records are not sufficient, an external audit may be ordered. Anyone who concludes after this vast amount of information “Fair enough, but what happens if I continue as before and in the worst case pay a fine” should be warned at this point. If non-compliant cash register systems (including security devices) are used, the merchant may be fined with up to 25,000 euros.

 

The aim of the KassenSichV is to determine and prevent the subsequent manipulation of sales data. Here, the audit is conducted based on the export of the cash register journal as well as evaluation data, programming data and master data change data, which is examined by a software of the tax offices. The necessary technical safety equipment consists of a safety module, a storage medium and a digital interface, which enables the export to be read out. In the future, documents from compliant systems will have a continuous signature including unique information from the previous document/receipt. This signature is stored encrypted in a security module and can therefore not be changed. If the chain of signatures is interrupted, you can quickly find out where a manipulation took place. This module must be accessible consistently, since communication between the cash register and the security module takes place not only during signature creation, but also when articles are entered. Due to this constant accessibility, there is a clear implication that cloud-based cash registers may no longer be able to work offline from 01.01.2020 onwards, if this results in an interruption of communication with the module. For this reason, contact should be sought with the cash register system manufacturer, as the latter must provide the solution or software for his system.

 

With this short summary of the not entirely new idea of German fiscalisation and the answering of the most important questions, the question remains with regards to the conclusion. There is no dispute that Germany is a country with an affinity for cash. It is also not disputed that not every euro is properly documented with the tax authorities. However, the question remains as to whether the implementation via new cash register systems is really the solution to the problem of tax evasion or whether it does not even create others. What are the implications of paper-based receipts in an increasingly ecological society? Is it appropriate to establish a closed standard in an open source working community? Is the tax money evaded in the form of cash really reduced by the defined exceptions?

 

These questions have not yet been answered. What is certain is that the law, which will come into force in January 2020, will remain ineffective if standards are not clearly defined and enforced by an adequate number of auditing personnel.

„The SCA launch: a 5-minute instant soup?“

On 14.09.2019 the martyrdom of European payment diversity in electronic payments began

What has happened so far …

When the European Commissioners were considering an amendment to the PSD1, which came into force on 1 November 2009, the desire for greater security in electronic payment transactions was one of the driving factors, along with the idea of a level playing field in the payments market. Very noble and also challenging goals, which were certainly owed to the market events in the electronic payment industry.

Strong Customer Authentication (SCA), as one of the driving factors in the PSD2, should reduce the problem of uncontrolled misuse in electronic payments by allowing electronic payments to be doubly secured through independent authentication procedures. So far, a really commendable approach, which should help to get the fraud problem under control.

For the implementation, however, a definition of a catalogue of requirements was required, which had to describe exactly this so-called two-factor authentication (2FA) in the payment systems of the EEA payment service providers. In accordance with the motto “many chefs spoil the broth”, the star chefs of the European Banking Supervision Authority (EBA) were put in front of the stove in Europe, supposed to cook exactly this soup with the ingredients of the Strong Customer Authentication (SCA). The EBA soon found out that the ingredients for preparing the soup were not clear to them and asked his assistant chefs – the payment service providers – how the composition of the soup should be made. By the time this survey and information gathering was complete, our star chefs had written down their recipe in the Regulatory Technical Standards (RTS).

And now the great cooking began…

From water pot to finished soup …

On 27 November 2017, BaFin adopted the “Delegated Regulation (EU) 2018/389 of the Commission of 27 November 2017 supplementing Directive (EU) 2015/2366”, the German implementation of RTS. So the RTS now manifested the basic technical rules in the German text of the law that were supposed to make the SCA soup boil – and preferably with a pleasant taste for everyone. At the same time, 14 September 2019 was mentioned as the target date by which all EEA payment service providers must authenticate their electronic transactions according to a “new reading”.

However, card-based payment transactions are based on the networks of the large credit and debit card organisations (VISA, MasterCard, American Express, JCB, Diners, DK, etc.). Exactly these scheme operators have now been ordered to draft a set of rules which integrates the information on the adaptation measures required in the RTS into the processes of the individual parties. This implementation in the individual companies was implemented centrally with the introduction of the new 3D Secure 2.0 (3DS2) protocol. Unfortunately, however, there was a whole cookbook of rules per entity that had to be taken into account with the use of 3DS2. And as is usual with cookbooks, these are never congruent across the board – at best similar – which naturally led to a significant increase in the requirement criteria for technical implementation.

Now the big guessing began. The payment market is a very heterogeneous system in which many service providers have different tasks and responsibilities. The EBA, as the initiator of the amendment, only spoke and talks to the regulated payment institutions and service providers and prescribes the newly adopted procedures for them. Other service providers involved in the service chain (e.g. MPI/3DS2 operators, GDS (Global Distribution Systems) such as Amadeus or Sabre, etc.) are not or were not directly affected by the SCA requirement, but sometimes play a major role in technical/operational processing for the execution of authentication. The pure authentication process is therefore a regulated process, which should, however, sometimes be implemented by unregulated service providers – a contradiction in itself.

Many cooks spoil the broth…

The payment processing empire consists of many parties. There are the

All these parties and stakeholders are involved in the implementation of the SCA requirements, but sometimes pursue very different objectives and interests.

As a result, certain use cases are not considered at all or only peripherally by one or the other party. However, it is at least as irritating for the payment ecosystem that different stakeholders interpret and implement supposedly identical facts in different ways – and this in the absence of clear regulatory or defined specifications of the schemes.

A very prominent example of this is the very hotly discussed handling of key entry transactions in the travel and tourism industry in recent weeks. With this transaction type, card data is entered manually into the payment terminal at the point of sale or an online input screen (sometimes without the cardholder being present). Since neither the regulator describes these transactions as “electronic payments”, nor the card organisations themselves present an alternative to the SCA obligation, this increases the creativity of merchants (and thus the service providers serving the merchant, PSPs and acquirers) to circumvent the SCA obligation.

Unfortunately, there is no homogeneous procedure or guideline for implementing SCA logic that has been agreed with all parties.

The oversalted soup: not only a bitter aftertaste

Since 14.09.2019 the PSD2 and with it the strong customer authentication has officially entered into force and many open questions are still unanswered. The business transactions in the aforementioned travel and tourism industry are particularly affected by this.

The ignorance of the regulators – be it the EBA or the respective national regulator (BaFin) – have fueled the uncertainty in the market in recent weeks through its reluctance to make decisions rather than to rebute it.

Unfortunately, the result is not quite unexpected. Large and well-known players in the payment ecosystem such as Amadeus and Galileo have already informed their customers that their systems will not be able to fully meet SCA requirements by 14 September 2019. Although this is only a restrictive statement, it nevertheless shows that the time period for implementing the outstanding questions was not sufficient. And this is exactly what BaFin has not yet wanted to take into account, despite the ever louder signals from the market and also from the companies regulated by BaFin.

The previously mentioned 3DS2 protocol has a decisive advantage compared to 3DS1, which raises the justified hope that a drop in the conversion rate can at least be avoided: the so-called “frictionless authentication”.

In this process, the merchant provides the issuer with a complete set of additional, risk-relevant information that the issuer can evaluate itself and then approve the transaction or payments without interacting with the cardholder. On the one hand, this procedure removes the liability of the merchant for the loss event and transfers it to the issuer, and on the other hand does not require any further interaction with the cardholder, which could possibly lead to a termination of the transaction.

But since – as things stand today – neither the issuers know exactly which parameters for evaluation in their fraud prevention systems will really have a positive effect on smooth transaction processing, nor the merchants are able to transmit the optional fields required for the issuers in the authentication message across the board, the market runs the risk of not using this powerful instrument at all. The PSD2 guidelines should avoid exactly this.

And it is precisely at this point that it would once again be necessary to have a regulative specification through the corresponding schemes, which would put the issuers in a uniformly defined state.

Seasoning of the soup and its improvement

Ultimately, however, the BaFin gave in on August 21 – at least for the e-commerce sector – and announced in its statement that it would tolerate e-commerce transactions that had not (yet) been SCA-authenticated for an indefinite period of time. However, the SCA obligation was by no means lifted as of 14 September 2019. According to our star chef, the BaFin will never give up its SCA soup, but rather try to make it “bearable” for the consumer by skillfully tasting it.

However, BaFin must not forget when “tasting” that it is only one of the assistant cooks of the SCA soup. An inhomogeneous handling in the EEA of the toleration regulation described above generates an even greater sense of uncertainty than is already the case. Nationally differing regulations would confuse both the merchant and the cardholder to the maximum. To avoid precisely this situation, a much clearer EBA specification would be much more helpful.

Therefore, it remains to be seen to what extent this will be achieved or implemented.

Summary of the cooking course

As already mentioned, the uncertainty on the market in dealing with the use of SCA has clearly stimulated the creativity of the merchants due to the acute urgency before the implementation on 14.09.2019. This sometimes goes so far that in the absence of suitable SCA alternatives, so-called “alternative payment methods” (such as PayPal, Paydirekt, Wallet systems, etc.) are given preference over SCA-liable card transactions. The operators of these alternative payment methods observe this extremely favourable effect with a broad smile for them, as without extensive marketing expenditure they do profit from the lack of coordination and the weaknesses of the regulatory system without own effort from the competitors. And this was – and cannot have been – in the spirit of the regulator when the SCA obligation was developed (we remember the goal of increasing competition).

Even if the SCA obligation has now entered into force on 14 September 2019 – albeit in a weakened or delayed form – the toleration period with regard to the PSD2 guidelines should be used sensibly. Above all, one should learn from the mistakes since the release of the RTS. And this learning effect must start with all parties involved, so that after the end of the toleration period there is no D-Day again and nobody knows how and when to prepare for it. The alarm signals for such a situation are already red, as merchants have already announced that they will only activate the SCA obligation at the end of the toleration period, in order not to suffer a competitive disadvantage against the competition themselves prematurely.

Coming back to the initial concern of the SCA obligation – namely the reduction of fraud and thus the safeguarding of cardholder integrity – it can only be stated at this point that the EBA, with its chef assistants, the national regulators, has led the “SCA project” up the garden path for lack of clearly defined specifications. Let us hope that the regulators have learned from the past months.

Only a common approach involving all stakeholders in the payment ecosystem can guarantee the desired success with regard to rule-compliant SCA use. It would be a pity if the opportunities opened up by SCA for clear security and also for a customer and cardholder-friendly authentication procedure could not be exploited due to exceptions and the ignorance or decision-failure of the competent authorities.

„Status Quo in B2B Payment Transactions: From Desire to Reality“

While citizens in Germany are consciously or unconsciously using new and innovative forms of payment beyond cash, mobile-only banks and other payment means driven, among other things, by Fintech’s, the use of innovative methods is stalling in other areas of banking. We are talking about the complex subject of corporate banking, here in particular with a view to payment transactions.

 

But why is that?

 

We’ll start with an example: “Please help the authorized signatory of company XY to fill out the bank transfer form and then submit the floppy disc for processing the salary payment to the back office? ” Does that look familiar to you? The cashier’s inquiry might have sounded like this or something else in the training of a bank clerk.

The training was completed years ago and (fortunately) a lot has happened in payment transactions apart from cash payments and accounts. Or isn’t the difference to the past then so great? For comparison: 10 years ago Steve Jobs presented the first iPhone. Considering the development stages the iPhone has gone through as a smartphone since then, the further development of payment transactions by corporate banking customers over the past decade has been very cautious.

Payment transaction requirements differ considerably among users (private customers or corporate customers). The thought leaders, digital natives and technology nerds attach importance to an appealing user experience and innovative features in their private environment. They now want to enjoy all facets of the banking business digitally far beyond the online account alone. However, companies pay much more attention to issues such as security, data protection, system stability and the (unfortunately) well-known “never change a running system”. Despite increased private curiosity about innovative, digital products for finance and money, progress among corporate customers is almost non-existent.

 

But what or who can be a driver of innovation and where is a corporate customer’s payment traffic heading?

 

A company has two essential requirements for its payment transactions

1.) Receipt of information in the form of an (electronic) account statement, and

2.) the execution of payment transactions (e.g. bank wire transfer)

This is usually controlled and managed via an electronic banking system. Communication is largely defined by the EBICS standard. In particular, the introduction of SEPA was and is for many corporate customers a (first) major step towards the professionalisation of payment transactions. The conscious examination of the existing path of payment transaction management showed the status quo and highlighted the strengths but above all also the weak points. SEPA provided the Cash Manager/Treasurer with a tool which, if used correctly, increased efficiency and can continue to do so. Through the introduction of SEPA, formats were defined that are identical in the SEPA area and thus make payment transactions across national borders easy.

Now, however, there are some limitations. Very often, medium-sized companies in particular use systems for payment transactions and account management that meet the minimum requirements for an electronic banking system but slow down the modernisation, automation and professionalisation of payment transactions within companies. Why is that? Habit, fear of change, personal preferences, no trust in future generations and technologies?

Quickly we end up with the ‘chicken-and-egg’ problem. Should banks set the course and impose their own digital agenda on companies and, for example, offer modern electronic banking systems with great features, if possible by use of a block chain (somewhat exaggerated) and interface-optimized? Or does this impulse also have to come from the companies? Do the banks have to make their customers much more accountable for this, or must mutual understanding first be established? Is such, almost cooperative, behaviour possible at all, or is the relationship between customer and service provider too pronounced for this?

 

What do companies want when it comes to payment transactions?

 

According to a study conducted by Commerzbank together with FH Mittelstand, companies today want to manage their liquidity and cash flows holistically at all times. In the past, it was only administered, today it used to be efficient, active and professionally managed – also through the use of software. The reasons for this are transparency, reduced transaction costs, intra-group liquidity management and automation. A cash management system/electronic banking system is now used by around 50 percent of all companies (both large corporates and SMEs).

Despite the use of an electronic banking system, only 10 percent of companies also use access via an app to a mobile device or tablet. Unlike private use, where a variety of third parties now access our financial information, companies do not want their information to be used by third parties (excluding tax advisors and auditors). This was stated by 75 percent of the respondents. A similarly high number of users of cash management systems do not expect cash management to be interconnected with other internal systems for the reasons of data protection and security mentioned above. It is astonishing when one looks at the already described curiosity for innovation in the private environment and digitisation activities in other areas of a company.

Nevertheless, many employees in finance departments make an effort and claim to gradually transform the structures that have grown over time into the modern and digital world. No quantum leaps, but adapted to the circumstances. This is where the banks come in.

 

What do the banks want concerning the payment traffic of the future?

 

The attractiveness and earnings potential of corporate customers should be a source of inspiration for domestic banks. Confidence remains high and the hurdles to switching after setting up a functioning electronic banking system including payment transactions are very high. Enough reasons to continue to act as the hub of a corporate client’s finances in the future. However, there is only limited time to rest. The banks find themselves in a competitive crowded-out market and are attacked by large foreign banking institutions and above all technology groups.

Banks often offer their customers cooperations with partners or set up platforms that provide the customers with supposed added value without responding to the concrete wishes of the customers. Fintech’s many good ideas and in-house approaches are made available to the customer as unfinished piecework without (felt to be) a clear strategy. Whether there is a concrete need is often only questioned in the next step. The developments within the banks are thus developed independently of the customer and, in many cases, are not in line with the customer.

Banks want to make their services appealing to customers through their advisory strength and expertise. The Transaction Banking departments advise their clients with experts on all topics and information relating to the transaction business. More complex issues in particular, such as the sale and payment of a machine or the provision of a service abroad, are complex, cross-border and cross-currency and require the bank’s expertise or correspondent banking network. Here the banks currently still have a very large asset to defend. Many new players on the market, such as Transferwise in foreign payments, portray things that were originally a traditional banking domain (see also Michel Hilker’s blog article “Quo vadis AZV“).

In addition, banks not only want to make their corporate customers happy, they also want to drive their own processes forward. Because in order to offer a customer an innovative product, you have to be an innovative bank that can also provide and execute these products. Often a break in the thought process between the wishful thinking of “modern bank” and reality.

 

Common denominator!?

 

We see that a professionalization and a certain rethinking has begun in the finance departments of companies. The desire for changes is there, but from the point of view of the respective departments often resembles an open-heart surgery at the payment transaction processes. An adaptation is only possible step by step. The bank must create system-side conditions in order to be able to implement new systems, processes and requirements and not remain stuck on its “legacy”. The often cited “thinking from the customer’s point of view” must also remain a strong focus in corporate banking. The banks should avoid going it alone.

Companies must initiate and closely accompany the change of their systems, and there must be a strong commitment by the employees conducting the change and the responsible management. The active involvement with the topic of payment transactions must be an essential part of the job profile.

The majority of medium-sized companies should give the coming technical and personnel generations in the finance departments the chance to implement new approaches and to trust these approaches as well as the executors. Otherwise, the desire for progress remains only a wishful thought – and not only with regard to payment transactions.

„The OSTHAVEN view of the present & future of Artificial Intelligence in Banking & Payment“

Are we really abolishing ourselves?

 

The topic of artificial intelligence (AI) has been discussed so often in recent days. The German government plans to spend several billion Euros to make Germany fit and to keep up the pace in the dramatically increasing competition of R&D within the field of AI. Companies from Silicon Valley compete with transfer fees for demanded researchers. One might think that AI is about to seize world domination. The myths and stories picture various horror scenarios and outdo each other in drama. Celebrities like Elon Musk and the recently deceased Stephen Hawking warned of nothing less than the downfall of mankind.

High time to take a look at this topic on our OSTHAVEN blog – factually, differentiated and specifically related to our industry – Banking & Payment.

 

Artificial? Intelligence?

Let’s start by taking a close look at what we are actually talking about. Before we deal with the “artificial” part of intelligence, let us first focus on the topic of “intelligence”. To this day, the field of “intelligence” is largely unexplored and lacks a clear definition of what exactly intelligence is. The existing definitions blur between biology, physics and philosophy. Up until today we do not understand exactly how we humans actually function. Expressed in lay terms, one can say that our body is streaked by nerve tracts and muscles, whereby in their control centre, the brain, all threads run together. Neurons flow back and forth in our brain and nerve tracts, switching and acting in a similar way to modern computer processors in our thoughts and actions. From birth, and actually before that, we humans gradually learn all our abilities. During our first weeks of life, for example, our brain learns that what we see in front of our own eyes are our own arms, hands, legs and feet and that we can control them with targeted muscle contractions. So the cute clumsy baby, who unconsciously hits itself in the face with the hand, eventually becomes the cute toddler, who consciously takes his shaky first steps. Behind this process lies a complex interaction of nerves, brain and muscles that we have not yet fully understood. You could say it’s a miracle. But the more we explore the field, the more we see that what looks rather complex at first glance is on a small scale simply the interaction of biological and physical processes. It gets even more complicated when you think about what exactly our soul is, where our free will comes from and in very simple terms what makes us get out of bed every morning and what makes us do everything we do all day long.

The vernacular would declare us humans as intelligent beings. Some certainly more intelligent than others. Humans do things using their mind. Humans are weighing a given situation and decide based on their assessement of the situation. Humans plan ahead and anticipate. Humans act based on experience and what has been learned. Humans try out. But humans also do make mistakes. Why is that? This is a question that we are unable to answer completely based on the current state of knowledge. But we are certain – we are intelligent.

Now the human race has set itself the ambitious goal of artificially recreating “intelligence”, which it neither understands nor is able to define precisely. So let us note that we cannot exactly understand or even define the target we are pursuing.

We now have arrived at the interesting aspects of this dilemma, which makes this topic incredibly attractive, exciting and complex. Research on AI is entering a new field, driving and chasing other fields of research forward and has even helped us humans to better understand ourselves.

Broadly speaking, we have begun to reproduce the researched areas and functions of the human brain with computers, which are ultimately very complex electronic circuits.

 

Man versus machine – two simple examples

For the following thought experiment imagine a photo of any cat. Who will recognize faster whether the animal on the photo is a cat – man or machine? The answer is usually man. For another thought experiment, please briefly consider who will find it easier to calculate the following formula: (2342 * 2345) / 234444 + 23445 * 12499584 – man or machine? In this discipline we would most likely be beaten and use a calculator instead.

A researcher at Stanford University, together with Google, has taught an AI to recognise cats in images. Any cats, in any colors, positions and clippings. For this, AI had to be trained manually in a cumbersome process with over 1 million images. But if you present this artificial intelligence with a picture of a dog, it is at a loss.

What we can learn from these two thought experiments is that computers can work insanely well with structured, formalised content, such as mathematical formulas. There are clearly defined numbers, operators and calculation rules that have to be adhered to in order to reach a result. Computers can do this at speeds unthinkable for the human brain.

We can also see that human brains, together with its various senses, can work impressively well with unstructured and incomplete data sets. As an infant we once learn what a cat is and can recognise cats until the end of our lives; and that goes also for cats in other colours and completely different forms. We humans are able to abstract the format “cat” accordingly and apply it in completely new circumstances. The easiest way to make this clear is that every human who knows what a cat looks like can usually draw a cat. These drawings usually have at least one thing in common – pointed cat ears. Most of the time we also add a cat tail.

We owe it to Stanford University’s impressive research that we are able to train these skills on computers as well. At the same time, this research also highlights the enormous challenges that such a goal entails and, alongside, illustrates the very different strengths and weaknesses that we humans and computers have.

 

Fields of application of AI in banking & payment

In the area of payment, the topic of AI, especially machine learning and pattern recognition, has long been a fixed component. The most prominent and widespread example is risk monitoring at payment service providers and credit card companies. Today, systems based on artificial intelligence generally support the real-time detection of credit card fraud. Companies such as Risk Ident, Fraugster or Feedzai have established themselves in this area, but companies such as Adyen also count on these technologies. The Otto Group company collectAI is currently establishing itself in the field of receivables management, which implements a customer-centric approach in receivables management that is optimised, automated and individualised through AI, thereby reducing effort and costs and at the same time achieving higher success rates in the receivables process.

The use of new technologies in banking is somewhat more differentiated and not widely used yet. First market participants established themselves in the area of Robo Advisor, such as Scalable Capital, which is pursuing a value-at-risk investment approach and uses advanced risk management and simulation algorithms based on AI technologies. Interestingly enough, final investment decisions are still controlled by humans. More and more applications can be found in the field of bank account analysis, which automatically allocate expenses to categories and detect patterns in account movements in order to plan or control budgets and expenses. Examples in this field are the App numbrs, Kontowecker of the savings banks or N26. Programs that automatically trigger account movements, such as savedroid, go even further. In addition, there are applications that provide financial recommendations on the basis of existing knowledge and more and more chatbots and self-service offerings. If you combine all these things and think them a little bit further, a fully automated, individualised and AI-supported  holistic banking advice will be possible in the future.

The banking business seems predestined for the use of these technologies for the simple reason that the data basis of banks is highly standardised and the processes in banks are strongly regulated and formalised. To put it simply, one can assume that processes in banks can be replaced or extended by AI-supported technologies, especially if they follow clear and formal rules.

 

What will become important in the future with AI in Banking & Payment

In particular, with a view to the payment and banking industry, we have identified some aspects that we consider to be important dimensions with regards to the progress of AI as important topics of the future.

These aspects are:

 

A plea for cooperation and the eternal dilemma of AI

The world will change. Computers will take over activities that humans do today. But until further notice, people will not be displaced by computers. Many tasks will change and completely new ones will emerge. For the time being, computers in particular will need humans to teach them the things we want to automate. A computer by itself can do less than a new born child when it comes into this world. Like with the baby, the computer needs a human person who shows him the world, explains it to him and teaches him how to do his tasks.

People should engage with AI and use the respective strengths of humans and computers to maximise overall benefits. We will thus free up precious life time that we will be able to use for new, creative and important things, while boring, recurring tasks and activities will be more and more automated.

The great dilemma of AI is at the same time the most important factor for human beings. Computers are dumb. Computers only work when  a human has given them a clear goal. This is a great chance for humans to not become redundant for the time being. At the same time, there is a great risk in this particular detail. Because computers pursue their goals with all means. Even if it’s the wrong target or an immoral target. Finally, a very simple example to think about: Imagine a fully automated banking advice. The AI takes over all of your banking transactions fully automated, including your investment decisions. The computer behind it can now be given two similar but fundamentally different objectives. On the one hand, it can be given the goal of maximising the investment – that is, getting the best out of it for you in a risk-optimised, cost-optimised and return-optimised manner. On the other hand, it could also be given the objective of maximising the investment while at the same time optimising the bank’s earnings by, for example, exclusively acquiring its own bank’s ETF products, which are perhaps not the most cost-effective for the client but the most profitable for the bank. You think you would notice the difference? And who monitors these algorithms? Your bank?

We are only at the very beginning of this story…

„Curse or blessing – from the (mis)understanding between banks and FinTechs“

Banks and FinTechs are now in reality? 

Banks and FinTechs, not so long ago still like fire and water, have apparently arrived in reality in the meantime. The FinTechs are increasingly looking for supporters for their own ideas and find these more and more in the banking environment, because here too a fundamental rethinking has taken place. And each of the two formerly opposing groups seems to have found its position in the game of customer favor and is focusing on its strengths.

How did this development come about?

The media, with their sometimes sharp coverage, certainly also made a not insignificant contribution to this development. They liked to pick up the ball from the two conflicting camps and exploited it. The song of the death of the banks was started, because the young wild ones now take over all the tasks of the banks and that better than they could ever do. The fact that some FinTechs had already understood at that time how it could work in cooperation with the banks was not mentioned.

But what does it really look like?

Currently, a message about mega financing rounds for FinTech start-ups is chasing the next and new ideas for services in the financial sector are not ebbing away. In 2018 alone, about 2 FinTechs were founded per week on average. Although this does not mean an exponential increase in the number of start-ups compared with previous years, the figure is still interesting.

If we now look at the area of payments/payment transactions, which is of particular interest to us, then we remain in the single-digit range with the new companies and only around 2 percent were able to collect capital for their ideas.

Why is that?

What have the FinTechs still on the market done differently from those who had to strike their sails after using up their capital because they had failed at reality? Because these news also occurs at the same frequency as the news about start-ups with large funding capital.

Successful FinTechs, be they defined as established companies running on their own with a healthy number of employees who are not worried and fear from financing round to financing round, have all realised that cooperation with banks seems to be the right way forward. Examples include N26, Kontist, Deposit Solutions, Raisin (formerly Weltsparen) and similar FinTechs.

With the exception of N26, which already has a banking licence, all of them have an established banking institution on their back for operating successful business models.

Especially if the business model of FinTechs envisages the takeover/improvement/simplification of individual parts of the banking business, cooperation is the ideal solution. The attempt to expel banks out of their very own territory, mostly driven by exaggerated self-confidence, seldom ended well. Today’s FinTech startups have long since rejected this strategy.

Reasons for this are quickly found, because the assets of both parties could not be distributed more differently.

On the one hand, there are the established banks, which operate in what is probably the most regulated market. On the other hand, there are the FinTechs, who can give free rein to their ideas and start developing on a greenfield solutions that focus on the customer.

Both parties are developing in very different directions and can do what they do pretty well. No one else caters like the banks to implement a new regulatory issue in a way that meets the requirements. The ability to develop new initiatives, business models and ideas is much less pronounced. A further advantage and great added value of the traditional and established banks is their existing customer portfolio. The FinTechs, on the other hand, have the opposite problem: they have no or a very small customer base. They are also bubbling over with new ideas and developing solutions consistently and quickly upon customer needs. When it comes to integration into existing legacy systems and the implementation of regulatory requirements, they find it extremely difficult and tend to massively underestimate this effort, even in their calculations. Some good ideas have already failed due to the regulatory requirements of the banking sector.

How do you bring both sides together?

The challenge now is to bring the two sides together and let each party ride its hobbyhorse. For this there are some successful models as already mentioned above.

The approach of taking the best from both worlds and not wanting to do everything yourself can then turn out to be a successful model for both sides. We were able to see this very clearly at this year’s FinTech Week in Hamburg in mid-October. It was already very noticeable that there was a cosy relationship between banks and FinTechs; this would have been unthinkable a few years ago, since no one left out any possibility of blaming the other for his shortcomings.

BaFin also made it clear that there is no way around her. Personally, I was particularly influenced by the appearance of the BaFin President at an event in Berlin. This appearance was of inimitable transparency and made it clear that the limiting elements and compliance requirements of banking supervision cannot be bypassed by FinTechs and he also clearly pointed out that only companies are successful on the market that deal with this, either themselves or in cooperation with existing institutions.

In addition, legislation has become much more liberal and open to the market. Special FinTech committees have been set up to accompany and facilitate market entry, and the registration hurdles have also been significantly lowered. Dialog was also the driver here.

So, there is a lot of movement in the market from all sides, the participants are moving towards each other, sharp-tongued comments on the “old bankers” from the young wild ones and the “wait and see what happens” comments from the establishment are forgotten.

The discussion panels of the FinTech-Week seemed a bit, almost boring, because there was no dissent. Rather, it became clear that FinTechs would like to win the banks as partners and not to see them anymore as opponents. During the presentation of the “Big Four” from Hamburg at a panel discussion, it became clear that the problems of the FinTechs are by no means caused by the banks, but rather of an organisational nature.

On another panel, four successful FinTechs showed what concrete role banks play in cooperation and how important they are. Sutor Bank, as one of the institutions that consistently pursue the path of cooperation, made it clear how it can succeed and also bring added value for the institutions. The difficult regulatory issues were dealt with by the bank and made available to FinTechs. These focus on developing a viable business model that can also be successful in the longer term. In this context, the Solaris Bank should also be mentioned here because it has been consistently pursuing this model for some time. So, everyone has contributed their assets optimally and a long-term partnership is exactly what both parties need.

In summary, it means what?

It can therefore be concluded that cooperation can be worthwhile for both interest groups, but they must be managed in a meaningful and sympathetic way. In some cases, OSTHAVEN has already successfully supported projects and brought market participants together within the framework of considerations regarding cooperation between different market participants. Based on this experience, we know the frequently occurring difficulties from both sides and have developed sensible, coordinated solutions.

„Quo vadis foreign payment transactions?“

New providers are pushing into a market dominated previously by banks

So far, banks in particular have assumed that foreign payment transactions are a monopoly of the banks. Until now, it has been complicated and time-consuming to provide this service. For cross-border money transfers, correspondent banks are required for the various target markets and sometimes already on their way to these markets. In addition, a large number of experts for foreign payment transactions work in the banks in order to provide the whole range of different services. This “quasi-monopoly” of banks in foreign payment transactions (cash (money) transfers from Western Union and Co. excluded) is slowly dissolving and new providers are successfully establishing themselves in the market for foreign payment transactions.

What makes these new providers so successful?

Some of these providers have already successfully positioned themselves on the market. For example, TransferWise, founded in London in 2010, claims to transfer USD 2 billion per month and already has 4 million customers. Other providers in the market include WorldRemit, Remitly and Azimo.

Why are TransferWise and Co so successful? The new offers are thought of consistently from a customer perspective, not least because they were developed by frustrated bank customers. TransferWise was founded because the founders working as employees abroad, repeatedly had to pay high fees for remittances back to the home country. The aim was to make the transfer of money from one account to another as easy and affordable as possible. In addition to an easy-to-use app, this objective was also achieved via a cash pooling, in which the various payment flows are aggregated and offset accordingly. This means that only a fraction of the original sums (peak settlement) must actually be transferred across borders; the majority of payments can be made via a national clearing system, which is much more favourable.

In addition to the new providers, the more established market players such as Western Union and MoneyGram also offer an alternative for customers who want to send money internationally.

The new digital offering is a typical disruptive innovation

A normal standard foreign payment bank transfer costs about 15 euros at a bank. With TransferWise the fees start with approx. 2 euros, with Azimo, a further digital service provider, a bank credit transfer costs as a rule 2.99 euros. At Western Union, the cost of (non-cash) transactions starts at 5.00 euros.

As a rule, the classic banks’ offerings are geared towards the high demands and extensive needs of large business customers. However, there are also much simpler customer needs, especially for private customers or smaller companies (SMEs). Sample evaluations show that these customer groups in particular are using the new service providers. Not only private customers, but especially business customers who appreciate the low fees, easy handling and fast execution, although the scope of services is significantly smaller. Thus, this is a potential disruptive innovation.

What can banks do?

As a first step, banks should analyze how many of their own customers are already using the new service providers. An analysis carried out by OSTHAVEN for a bank showed that the bank could already have lost potential fees of around 250,000 euros p.a. by using TransferWise and Co. today. Even though few transactions in relation to the total volume were affected here, we believe that in the future customers will increasingly use non-banks for money transfers across national borders (which in turn make use of the banks’ foreign payments infrastructure) and thus erode further bank earnings.

In addition to observing developments in the usage behaviour of their own customers, banks should also examine other activities. Our (not complete) list of ideas:

  1. If not already done, integration of the foreign payment transaction into online banking and own banking apps
  2. Adjustment of fee models, in particular for simple payment offers such as relatively standardised bank transfers to Great Britain or other European or Western countries.
  3. Consideration of whether cooperation with the new providers could be useful in order to offer customers favourable and easy-to-use foreign payment services. This also against the background that banks will certainly not be able to stop the development. But with a suitable profit-sharing model, banks could continue to (partially) participate in the earnings from this business. In addition, savings could be achieved by shifting some of the standard services.

The first banks, such as N26, are already offering services from TransferWise on their platform. This offers two opportunities for these banks: they offer their customers a modern and up-to-date service and, secondly, they do not have to implement the complex requirements for foreign payment transactions on their own but can fall back on third-party service providers.

„Bank diversity in the conflict between innovation and economic efficiency“

Continuous decline in the number of German banks and savings banks

According to the German Bundesbank, there were 1,823 credit institutions (banks and savings banks) in Germany at the end of 2017; compared with 2007, this represents a reduction of almost 20 percent.

According to the Savings Banks Association, the number of savings banks alone has fallen to 385 (a decline of 28) since 2015. The reduction in the cooperative financial sector in the same period was actually 106, down to 915. The Federal Association, BVR, is expecting further mergers, although at a lower level this year, with a total decline of the number of institutions of 57.

For example, in recent years the number of mergers among savings banks has risen significantly. The drivers are, of course, digitalisation, and also the increasing regulation in the financial environment and demographic developments. It is interesting to note that the total number of savings banks fell from 594 in 1998 to 390 as at 31 December 2017 – without one institution being closed.

The numbers of the past therefore speak a clear language; this is further reinforced by the ongoing reduction of branches in Germany. On the one hand, this is also a reaction to the digital transformation and the resulting less and less stringent requirement of the branch as an information and distribution channel. The digital offerings of banks and savings banks (or alternative marketplaces such as Interhyp, Finanzcheck or Zinspilot) are increasingly becoming the primary “banking channel”. On the other hand, Germany, as one has been reading for years and years, is overbanked. In my opinion this applies especially across all institutes, especially for the number of branches (ok, less and less in rural areas …). It is still not uncommon for three branches of an institute to be found in one street of a major German city.

What’s the next step?
How will the trend develop in the future? Will there be a further development or will the “bank dying” continue? Just by the way: no savings bank or cooperative bank has gone under so far; there has only been mergers within the respective banking group, and only very few can remember the last demise of a relevant private bank – since 2001 the deposit guarantee fund had to bear the costs for only 10 insolvent banks, the last was the Dero Bank in February 2018?

Management consultancy Oliver Wyman paints the future of German credit institutions completely black; it assumes that, due to the increasing importance of FinTechs and the large IT groups such as Google, Apple, Amazon and Facebook, the number of German banks could fall by 2030 to 150.

There have been intensive discussions in (not only) the social media about the prediction of the colleagues and one can think what one wants of the lurid lead story, but all are unreservedly of the opinion that the number of banks will continue to decline. The experts, however, are not in agreement about the consequences of an ever-decreasing diversification of the German banking landscape, and the question should also be put as to whether a merger of two (or possibly several) institutions would solve the fundamental problems that drove these institutions into considering a merger in the first place.

At the moment it is being hotly debated, and some politicians, economists and media even demand that a merger between Commerzbank and Deutsche Bank should come about. The question of the meaningfulness is therefore more important now than ever. This question will be explored in the following with the help of a few (yes, even provocative …) theses.

Does a merger (or a takeover) solve fundamental problems for German banks? What problems does a merger cause?

Thesis I: Mergers do not pay off
There are examples where it is worthwhile for one bank to be taken over by another (or where it is planned that it will pay off …). A current example is the takeover of Düsselhyp, which is currently being wound up, by Aareal Bank. Although this example is not really suitable, as Aareal has no strategic interest in Düsselhyp, but only wishes to exploit positive one-off effects within the framework of the settlement.

In reality, however, the situation is different for real mergers and acquisitions. You only have to think of the ongoing attempts to create a uniform IT platform at Deutsche Bank; Postbank is still largely running on its own. The Magellan project, which was supposed to create the basis for a uniform platform, was stopped by the bank.

The creation of uniform and integrated IT systems is always connected with the change of IT systems and the requirement of process adaptations and data migrations. Although the reason for the change in the core banking system of apoBank (from Fiducia GAD to avaloq) is not a merger, the estimated costs (“low three-digit million range”) serves as a benchmark for the IT consolidation of an institution to be merged. You don’t have to look very far for further examples, you can find them in all sectors of the German banking landscape.

If one now thinks about a merger of Deutsche Bank and Commerzbank, then a merger can only pay off with a uniform IT platform; and here neither bank has a uniform infrastructure when viewed individually. Rather, in a merged institution, components of Deutsche Bank, Commerzbank, Postbank, the former Dresdner Bank and other subsidiaries of both banks would then be found. … This list could be extended to include the fact that the Commerzbank will soon have its securities business handled by HSBC and payment transactions by equens, but the Deutsche Bank is taking a different approach here.

It is difficult to imagine a scenario in which such a mammoth task could ever pay off. Especially since the longed for (at least) European champion for many years would be almost exclusively concerned with itself. A fitting transition to …

Thesis II: Mergers are innovation killers
Innovations have a hard time during a merger project, because the securing of the set goals (standardisation and streamlining) is the highest priority after the securing of the daily business. Innovations (in the eyes of many bankers still only betting on future earnings) are not given sufficient attention and are repeatedly put on hold in such phases, which often means nothing more than their discontinuation.

And even after a merger has been completed, things will not necessarily get any better. There are voices (among others, the well-known “influencers”) that yearn for a comprehensive consolidation of the German banking landscape, in which only a few banks would then have plenty of time, money and leisure to finally devote themselves to the creation of innovative solutions for their customers.

I think this is a misconception; competition is a driver of innovation. If market shares are only distributed among a few providers, banks will become more and more comparable in what they offer. In addition, for reasons of convenience, there is increasingly less the need to win new customers with innovative ideas. Evidence of this is that in recent years innovative ideas have come from the diverse FinTech environment and less (or not at all?) from established banks.

The comparisons repeatedly made with countries in which there is more limited banking diversity are not accurate. A BBVA or an ING is not innovative because there are fewer banks in its markets, but because the structures and the reduced importance of (association) “politics” make it possible (and the entrepreneurial DNA dictates it to them).

Thesis III: Mergers deprive local banks of their regional roots
Regional institutions, and these are in particular (but not only) cooperative banks and savings banks, are defined above all by their connection with (the people and institutions of) their region. This is reflected in the social commitment (e.g. the support of sports and cultural facilities or the supply of structurally weak regions) of these houses and in the loyalty of customers to their banks through generations.

But what is the increasing wave of mergers between savings banks and Volksbanks and Raiffeisenbanks in the region in recent years doing with the people? Suddenly the people in Flensburg and North Friesland have a joint savings bank and the customers of the Volksbanks in Frankfurt, Griesheim and Maingau have a new large joint institute. Will there still be room for regional roots after such mergers? This does not always happen silently; for example, there is a petition to reverse the merger of the savings banks Schweinfurt and Eastern Lower Franconia. The integrity of many houses is no longer guaranteed by the dilution of the regional principle.
These three theses are not intended to present mergers between banks as meaningless, as there can be very good reasons for them. Mergers can serve to save banks and thus to achieve economic stability. Mergers can also make strategic sense. However, there are no automatisms that mergers or acquisitions are always worthwhile; two weaknesses do not make a strong one. The weaknesses of the individual partners (e.g. IT legacy, lack of innovative strength, no future-proof business model) will then only be merged and, possibly, further exacerbated.

A Plea
This contribution is intended to be a plea for maintaining diversity in the German banking market. It would continue to be desirable to have large and small as well as regional and international banks. Traditional institutions and challenger banks, multi-channel and mobile only, investment banking and sustainable banking … everything should continue to be typical for our banks in the future!

„Options for PSD2 implementation“

Although in force since January of this year, in the eyes of many PSD2 will only become really relevant and complex with the final entry into force of the RTS (Regulatory Technical Standards for PSD2) on 14th September 2019.

In addition to Strong Customer Authentication (this is worth a separate contribution…), the RTS will above all, but not only, lay the regulatory basis for the much, and in part hotly, debated services „Payment Initiation Services“ (PIS) and „Account Information Services“ (AIS) newly created by PSD2. PIS stands for a payment initiation service such as Klarna already offers with SOFORT. AIS means an account information service such as is already available, for example, as part of Deutsche Bank‘s multibanking service. Examples already show that PSD2 does not enable new, revolutionary services, but rather regulates existing activities (with the consequence that companies operating in this area now require a regulatory license) and obliges banks to provide access to their customers‘ accounts according to defined rules.

Now it is correct that due to PSD2 the competition for a customer burns more strongly than before; besides the established players, the banks and savings banks, other enterprises are competing more and more frequently – in the PSD2 context these are the so-called Third Party Provider (TPP) – to gain the favour of the customers. However, unlike the usual one, this distribution battle is not about better conditions for individual products, but about the big picture – the customer himself. Whoever succeeds in making a convincing offer in the sense of user experience will represent the front end for the customer and thus become the access for this customer to the banking offers (regardless of which bank). And those who occupy the front end will ultimately also be able to influence the services and products offered and thus have a correspondingly larger share of the added value.

So at least the general theory…

As a result, it is insufficient for banks and savings banks to implement the requirements of the PSD2 RTS in order to be „compliant“. Rather, either defence mechanisms must be developed from these in order to be affected as little as possible by the TPP, or strategies must be devised as to when an institute can benefit from the regulations of PSD2. Defensive mechanisms will not work, since customers of a bank or savings bank cannot now be persuaded that SOFORT or PayPal are „evil“. On the contrary, customers use these services unremitingly because they have advantages over their own bank‘s services. As a sensible answer that remains to PSD2, is therefore, a progressive handling of this and, for example, a positioning of the institution as a central interface to the customer‘s banking and thus also to the customer‘s accounts with other banks. In fact, this does not require a TPP; a bank or savings bank can also offer this directly to its customers. Deutsche Bank, for example, will certainly and consistently expand its multibanking offer, which is currently only an account information service, to include the possibility of triggering payments at other institutions. Deutsche Bank customers would be able to manage all their payment transaction accounts without having to log into online banking at other institutions.

Consequently, not only in Germany but all over Europe the consulting companies are chasing after their (target) clients, by the way we, too, from OSTHAVEN, and spreading the message that the houses have to position themselves according to PSD2 and design offers in order to represent the central front end of the client for banking even after 14/09/2019 and not lose this to a TPP or another bank. PSD2 represents the end game around the clients for all banks and savings banks, if necessary.

For everyone? No, at this point we expressly disagree! Not with regard to the requirement that all banks that maintain „payment transaction accounts“ (here the market still lacks a clear definition) must have implemented the requirements of the RTS by 14th September 2019. But we are of the opinion that the PSD2 is not strategically relevant for all banks beyond compliance. It is undisputed that retail banks and banks with a high proportion of retail customers and a focus on checking transactions will be massively affected by the PSD2, but in return strategic advantages can also be drawn from the rules and regulations. In addition to retail banks, there are also many institutions that will not be able to benefit spontaneously from the implementation of PSD2 or will not experience any direct competitive disadvantages. We include banks here that are active exclusively in corporate banking. Triggering payments plays hardly any role for these customers and multibanking is already a reality thanks to the use of software. Even banks that focus on financing and deposit products can only benefit from the PSD2 with a lot of imagination. We could go on… It should become clear that the establishment of ecosystems or the convergence of banking and non-banking based on PSD2 rules is not meaningful or necessary for all banks. We consultants also have to operate with a sense of proportion here.

„3D Secure 2.0 – Facelift or Quantum Leap?“

The new generation of cardholder authentication “3D Secure 2.0”
3D Secure has often been (and still is being) promoted as the magic miracle cure, which should cure the misery of default on the merchant side. Initiated by VISA in the early years of this millennium and prominently placed as said miracle cure, however, the teething troubles soon showed up – first and foremost the problems with the “conversion rate” among 3D-using traders. The use of 3D Secure caused unintentional payment cancellations by the cardholders and thus reduced the sales of the affected merchants. The conversion rate describes the ratio of the visitors of an online shop based on clicks to the conversions, i.e. the conversion of prospective or interested buyers into buyers.

 

The problem, on the one hand to minimise the risk of payment default by chargebacks, but at the same time to permit maximum potential sales at the participating merchants, could not be solved in the used variant of the 3D method (version 1.0). When PSD2’s European payment supervisors then demanded strong customer authentication for much of Europe’s well-known card payment traffic, they took pity on the merchants. The major credit card organisations (Visa, MasterCard, AmericanExpress and JCB) formed and defined a new authentication standard, “3D Secure 2.0”, within the joint venture “EMVCo”, which today is largely responsible for the EMV standards. This was to turn the former miracle cure into a remedy that would have to completely eliminate the suffering of the merchants and at the same time meet regulatory requirements.

 

3D Secure 2.0 is also the answer by card organisations to the requirements of strong customer authentication (the PSD2), which is already to be implemented by September 2019. The new specification also ensures that the international schemes offer a consistent standard for consumers, merchants, issuers and acquirers.

 

In October 2016 the time had come and the specification of the new standard was published by EMVCo. Looking at the operational steps of the new method from the helicopter perspective, serious changes can not be easily recognised in comparison to the old method. The devil is as always in the detail, and it is precisely these details that give hope that with the 2.0 version one has found a cure. The new procedure has defined different process steps for new (or at least modified) roles. The classic, well-known role from the point of view of the traders in the old procedure, was the role of the Merchant Plug-In Operator (MPI). This is explicitly no longer used in the new specification. It therefore remains to be seen how today’s MPI operators will operate with a technical solution in the 3D Secure 2.0 process (for example as a technical service provider of a “3DS server”).

 

In addition, the product managers at EMVCo have integrated a new ingredient that reduces payment cancellations in the old 3D process – and even stops them altogether. The so-called “Frictionless Flow”, namely, allows within the new standard an authentication without additional interaction with the person to be authenticated.

 

Now that the regulations of the two largest credit card organisations (VISA and MasterCard) regarding the new 3D Secure 2.0 procedure have been adapted with the Autumn 2017 release, it is now time to advance the implementation of 3D Secure 2.0 in the (partly new) operational instances.

 

However, to be able to use the new procedure, each participating entity must implement technical changes in their systems, since the procedure involves some changes compared to the old authentication.

 

By 01/01/2020 at the latest, however, according to the current plan of the MasterCard, all authentications should be carried out only according to the 3D Secure 2.0 standard. However, Visa has already postponed its April 2018 rollout (dealer-initiated authentications only) to April 2019. The timetable seems very ambitious planned and will then have to be confirmed by reality.

 

Crucial to the success, however, is the future use of the process by the e-commerce community – that is, the transaction volume using 3D Secure 2.0 authenticated payment transactions. Therefore, assuming that the “3D Secure Weaving Machine” (consisting of Access Control Server and Directory Server) is (or has to be) implemented by the operational specifications and deadlines of the credit card organisations, the merchant remains the same as before – and as in the old procedure – can make or break the success of this innovation. And this is precisely what the teething troubles of the old “miracle cure” know from their own, painful experience, and should therefore show a rather moderate interest in a (from their point of view) imposed renovation.

 

The acquirer as a liable entity in the 4-party model must inevitably have an immense interest in the use of the new procedure, because only in this way can he comprehensively get rid of the liability in the case of a chargeback case back to the issurer by means of a liability-shift. So that the acquirer can use the new procedure effectively at the merchants connected to him, the problem of the conversion rate must be solved. This in turn can be eliminated by definition within the new standard only if the majority of the authenticated transactions are processed via the newly defined “Frictionless Flow”, in which an additional security query in the authentication process with the cardholder becomes superfluous. However, this “Frictionless Flow” implies that the merchant directs enough information about the cardholder and the transaction to be authorised in the authentication process to the issuer, who then “favourably” agrees to this authentication without further request from the cardholder, based on their own risk assessments.

 

It is therefore quite unclear as to what percentage, at the end of the day, authentication in “Frictionless Flow” is processed. And this is precisely where the credit card organisations have left their acquirers in the cold, since on the one hand they do not make binding stipulations to the issuer regarding the risk assessment in-house, but on the other hand they do not provide the acquirers with any support for using the new standard.

 

Operationally, 3D Secure 2.0 brings many new features with it and is also well-equipped for regulatory purposes. The status of a “facelift” of this tool can therefore be safely attested. However, if 3D Secure 2.0 is to trigger a “quantum leap in authentication” – and the potential for doing so is given by the new specification – further definitions or restrictions are needed to get rid of forever the old teetthing problems of the “Conversion Rate”.