I would like to thank Vincenzo de Stasio, Maria Iride Vangelisti and participants at the Conference on “L’attuazione della seconda direttiva sui servizi di pagamento e ‘open banking’”, Bergamo, 18-19 October 2019 for comments and suggestions. All remaining errors are my own responsibility.

---

Introduction

The provision of payment services is one of the most important activities performed by the financial sector.^[1]See De Bonis, R. and Vangelisti, M.I. (2019), La moneta – Dai buoi di Omero ai bitcoin, il Mulino, for a comprehensive account of the evolution of the payment system. Traditionally, most of these services have been offered by banks, although in the last decades non-bank financial institutions have gained a prominent role in some specific segments, for example in the credit card business. In the past, despite being a relevant source of revenues for banks and other financial intermediaries, payment services provision has ranked relatively low in the interests of policy makers and academics alike, with most of the attention on the soundness of the system rather than on its efficiency.

In recent years, this landscape has changed dramatically. The developments in information and communication technologies have made it possible to perform traditional activities more efficiently and to devise innovative services which were not available before. New players have entered the market, in some cases increasing the degree of competition to the benefit of customers, in other cases exploiting network economies of scale and their better and exclusive know-how to gain significant market power.

Policy makers have reacted to the innovation in the payment industry. In Europe, the first Payment Services Directive, ^[2]Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 on payment services in the internal market, amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC … Continue reading published in 2007, has set the scene, defining the rights and obligations for a broad spectrum of payment services, such as credit transfers, direct debits and card payments. Moreover, it has defined compulsory information requirements, especially on costs. But the market has evolved rapidly, and yet in 2013 the European Commission has published the proposal of a new Directive on payment services, which was eventually published in 2015 and is widely known as Payment System Directive 2 (PSD2).^[3]Directive 2015/2366/EU of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and … Continue reading

The PSD2 intervenes extensively in the regulation of many aspects of the payment industry, defining new rights and obligations. One of its aims is to foster competition among service providers, to cut monopoly rents, reduce costs, and improve efficiency.^[4]For a thorough comparison of PSD1 and PSD2, see Sciarrone Alibrandi, A. (2020), Impostazione sistematica della PSD2, in Paglietti, C. and Vangelisti, M.I. (eds.), Innovazioni e regole nei pagamenti … Continue reading The adoption of the Directive in the various European countries, and the definition of regulations related to its implementation, has taken some time. For this reason, its impact on the industry has not yet fully shown. Nonetheless, while some effects are becoming visible, stronger ones are certainly to be expected in the coming years.

The purpose of this chapter is to discuss how some of the innovations introduced by the PSD2 might impact the business model of payment service providers in coming years, what the effect on the equilibrium in the industry will be, what new risks may emerge, and what actions should be taken to counter possibly undesired outcomes.^[5]See Zeno-Zencovich, V. (2020), Prefazione, in Paglietti, C. and Vangelisti, M.I. (eds.), Innovazioni e regole nei pagamenti digitali: il bilanciamento degli interessi nella PSD2, RomaTre Press, for … Continue reading The Directive has introduced numerous innovations, but the analysis in this chapter will focus mainly on the potential impact of the introduction of three new types of intermediaries, known as Third Party Providers (TPPs): Payment Initiation Service Providers (PISP), Account Information Service Providers (AISP) and Card-Based Payment Instrument Issuers (CBPII).

The rest of the chapter is organized as follows: the next Section briefly describes the activities of the new types of intermediaries that have been introduced by the PSD2. Section 3 describes the main sources of market power in the payment industry. Section 4, the core of the chapter, discusses the possible impact of the PSD2 on the degree of competition in payments. Section 5 argues in favor of some policy interventions and concludes.

 

The new players at the heart of PSD2

The main impact of PSD2 on the market for payment services will most likely be caused by the introduction of three new types of players: Payment Initiation Service Providers (PISP), Account Information Service Providers (AISP) and Card-Based Payment Instrument Issuers (CBPII).^[6]As is well explained by Porta (2019), Obiettivi e strumenti della PSD2, in Maimeiri, M. and Mancini, M. (eds.), Le nuove frontiere dei servizi bancari e di pagamento fra PSD 2, criptovalute e … Continue reading

With the burgeoning diffusion of online purchases, PISPs are expected to become important players in the payment procedure, because they link the website of the merchant with the banking platform of the payer. Namely, they are responsible of guaranteeing the payee that the payment has been initiated, so that the merchant can safely transfer the good or service purchased, and the operation can be concluded. Aside from crucial issues related to consumer protection and security, the PSD2 requires that any payment service provider is permitted to offer payment initiation services, therefore guaranteeing fair competition in the market. To achieve this goal, the Directive posits that PISPs only need the consent of the account holder to access his banking platform, without being required to use any particular business model, or entering into any contractual relationship with the payer’s bank. This requires that common and open standards of communication be implemented, according to guidelines that are provided by the European Banking Authority (EBA). In practice, financial intermediaries holding customers’ accounts are mandated to make them easily accessible through Application Program Interfaces (APIs). Importantly, PISPs cannot hold accounts in the name of their customers, but their activity is limited to initiating the provision of payment services.

AISPs cover a different part of the market. The increasing number of relationships that corporations and individuals have with banks and other financial intermediaries allows a better management of liquidity and payment services. However, this also makes a unified picture of the position across all different accounts difficult to obtain, which can lead to organization and synchronization problems. AISPs provide aggregated online information on one or more payment accounts held with one or more other payment service providers. Since better information helps fostering competition, the PSD2 has made it easier for AISPs to access customers’ accounts, along similar lines as those defined for PISPs. Indeed, the only difference is that AISPs are not allowed to initiate a payment operation, but they can only gather and provide information to those entities that the account holder has authorized. To this purpose, similar common and open standards of communication are to be implemented. Obviously, like PISPs, AISPs must observe specific data protection and security requirements.

Finally, the PSD2 also allows financial intermediaries to issue card-based payment instruments, such as credit-cards and debit-cards, that directly debit a holder’s account held with a different financial intermediary. This allows to break the connection between the issuer of the card and the bank where the account that the card debits is held. As with PISPs and AISPs, holders of customers’ accounts are mandated to make them easily accessible to CBPIIs through standardized APIs.^[7]For a thorough legal analysis of PISPs, AISPs and CBPIIs see also: Profeta, P. (2019), I third party provider, profile soggettivi e oggettivi, in Maimeiri, M. and Mancini, M. (eds.), Le nuove … Continue reading

To assess how the entry of these new players will change the payment industry, first we need to understand what the main levers of competition in this market are, which is the topic of the following section.

 

Competition in the payment industry

In the past, competition in the market for payments has been low, allowing some players to earn significant extra profits at the expense of their customers. Three main factors favor the emergence of monopoly rents: the possibility to bundle payments with other (banking) services, such as current account services; the presence of large network externalities, due to the fact that the incentive to adopt a new means of payment increases with the number of other individuals adopting it; and the importance of reputation, that hinders the entry of new players in the market. To better understand the role of each one of these three factors in harming competition, it is useful to analyze the steps involved in a typical payment.^[8]On this issue, see also Geerling, M. (2018), E-commerce: A merchant’s perspective on innovative solutions in payments, in Journal of Payments Strategy & Systems 12, pp. 58-67.On this issue, see … Continue reading

Payments are normally the counterpart of a purchase of goods or services, that can take place either physically, for example in a shop, or through the internet. In the case of online purchases of goods, and some services such as travel tickets and hotel rents, the consumption is deferred from the moment of payment.^[9]For an analysis of the legal implications of payment services, see De Stasio, V. (2016), Ordine di pagamento non autorizzato e restituzione della moneta, Giuffré, Milano. However, an increasing number of services are accessed and transferred through the internet, such as video and music files, but also online teaching or consulting services.

From the point of view of its payment, and leaving cash aside, each purchase involves four main steps. First, the customer enters a physical brick and mortar or a virtual shop and chooses the good or service that he wants to buy from the merchant. Second, he transfers an accepted mean of payment from his account to the hands of a financial intermediary providing the payment service (Payment Service Provider, PSP). Third, the PSP transfers the mean of payment to the account of the merchant. Fourth, the merchant delivers the good or service acquired, and the purchase is finalized. Although often some steps are even further segmented, as in the case of credit-card payments, we can focus on this simplified framework to understand the determinants of competition in the market, without much loss of generality.

The three factors favoring monopoly rents mentioned above can intervene at different stages in the process described above. Consider the first, the possibility of bundling payments with other services. An obvious case is when the PSP coincides with the financial intermediary either of the customer or of the merchant, which allows to reduce the number of intermediaries involved in the process and, in turn, the cost of the transaction. Financial intermediaries able to offer both payments and deposit services can thus benefit from the economies of scope of carrying both activities. This increases the optimal size of operation, making it more difficult for new players specialized only in payment services to enter the market. Eventually, a merchant could even be in the position to agree with his bank to force customers to use a specific PSP, making it impossible for him to choose an alternative. In fact, this is happening increasingly often in the case of some e-commerce websites.

The second factor favoring the emergence of monopoly rents in the payment industry is the presence of network externalities. As already argued above, reducing the number of intermediaries that take part in the payment process is likely to reduce the costs. In principle, if all customers and all merchants held their accounts with the same financial intermediary, that would be the only PSP that is needed, because all payments would involve just the record of a transfer from the account of the customer to that of the merchant. While this is an unlikely outcome in practice, since it would imply the existence of a single monopolistic bank, it remains true that financial intermediaries with a larger number of clients are more likely to be able to settle payments within their own accounts, and therefore to lower costs. This is a clear case of existence of strong network economies, which favor market concentration.

The third factor, reputation, relates to a key characteristic required of any payment process: that it is secure, i.e. that the transfer is certain. A customer transferring a given amount of money to a PSP wants to be sure that it will then be transferred to the account of the merchant, so that he delivers the good or service that the customer has acquired, and the purchase is finalized. Although PSPs are subject to regulations and supervision, in principle their position allows them to divert the money received, eventually robbing the customer. As a less fraudulent alternative, PSPs can economize on their investment in information technologies, reducing their standards of security and therefore increasing the probability that the information on the payment is lost. This makes it harder for an unknown financial intermediary to enter the market for the provision of payment services, because customers are unlikely to trust transferring their money in his hands. PSPs need therefore to gain a reputation for being reliable, something that typically requires time and is often associated with size. Again, this limits entry in the market for payments, favoring concentration and monopoly rents. In fact, customers in many countries seem to have a preference for making their payments through traditional banks, possibly because of their better reputation.

 

PSD2 and competition in the payment sector

Judging from the picture described above, PSD2 will foster competition by favoring the entry of new players in the second and third phase of the payment process: the transfer from the account of the buyer to the PSP and that from the PSP to the account of the merchant. By allowing PISPs to directly initiate a payment process and AISPs to rationalize the management of payments from different accounts, PSD2 aims at favoring the entry of players which may be able to innovate the existing services, exploit better technological know-how, accept lower profit margins – offering better and cheaper services overall. Reassuringly, PSD2 also requires PSP to be subject to a set of regulations aimed at guaranteeing the security of the services that they offer. Will this work?

A payment is very similar to what economists define as a commodity good, because its characteristics make it easily exchangeable across different suppliers. A key characteristic of competition in markets for commodity goods is that it is only based on prices. If a purchase can be paid with two different payment cards, and one has a lower cost, a rational economic agent would never use the other card. However, this analysis is correct only if we focus exclusively on the payment, i.e., on the activity of transferring a mean of payment from the account of the buyer to that of the seller. In fact, without taking into account riskiness, payments can be extremely different depending on at least two additional characteristics: how easy it is to make them and how quick the transfer is. Overall, entrants can gain market shares if they are able to provide a payment experience that improves on the existing one along one of four dimensions: because it is cheaper, it is easier, it is quicker, or it is less risky. On which one of these characteristics are entrants more likely to have a competitive hedge?

Two main reasons suggest that price competition is likely to be relevant only on the merchant side of the market. First, the structure of interchange fees is such that the costs of a payment is mainly born by merchants. In fact, in most countries, the cost of a good or service cannot be different depending on the mean of payment that it used to pay for its purchase.^[10]There are many reasons why this is the case. From an economic perspective, the literature on two-sided markets has shown that charging merchants is in many cases the profit-maximizing strategy of … Continue reading Second, the cost of the single payments is already relatively low, and it is unlikely that possible reductions allowed by better technologies will be so large to motivate consumers to switch from one PSP to another: it is therefore the merchant that may have an incentive to push for the adoption of cheaper means of payment.

A price-based competitive advantage is therefore more likely to emerge if a PSP has a better ability to process payments. A crucial example is that of closed loop systems, i.e., “systems set up and operated by a single payment service provider”, in which consumers and merchants hold an account with the same financial intermediary. Examples of these systems are US-based PayPal, Chinese Alipay, and Italian Satispay. Within a closed loop system, a payment entails only two opposite records: in the accounts of the consumer and of the merchant. Consequently, it does not require the transfer of information across different accounting systems, as in the case of a transfer of funds from the account of one bank to another. The competitive advantage of closed loop systems is thus the result of their ability to process payments at lower costs, which may give them a competitive advantage with respect to more traditional processes involving banks or credit card systems. Clearly, the incentive for merchants to hold an account with a closed loop system is increasing in by the number of consumers using it as a mean of payment, and symmetrically the incentive for consumers is increasing by the number of merchants that offer it as a mean of payment. This is a major source of network economies: the larger the number of users, the lower the costs.^[11]In addition, closed loop systems may be in the position of earning an interest rate margin, if they are allowed to invest the funds of their customers at higher rates than those that they pay on the … Continue reading 

Remarkably, PSD2 excludes closed loop system from the obligation to allow access to AISPs, PISPs and CBIIPs through standardized APIs, thus giving them a significant regulatory advantage with respect to other PSP. I will come back to this issue below.

As already argued above, risk can be an important factor influencing the choice of the PSP. However, in all developed countries payment institutions are heavily regulated and supervised along all crucial dimensions: technological, organizational and financial.^[12]European Banking Authority (EBA) has been required to define the technical standards of secure communication between Third Party Providers (TPPs) and the financial intermediaries where the accounts … Continue reading For example, financial intermediaries issuing electronic money, as well as PISPs and CBPIIs, cannot accept deposits from users and can only use funds received from users for payment services. Moreover, they must respect initial capital requirements. Since regulation creates a level playing field, it is unlikely that riskiness may become a crucial competitive factor in the supply of payments services within the same country. Riskiness can indeed be a crucial characteristic in the case of cross-border payments, but it is likely that once a given threshold of safety is guaranteed, competition will be on other features.

Aside from prices and riskiness, competition will most likely be based on how easy and quick it is to make a payment, limiting the number of steps required to make it. Let’s consider in-shop purchases first. With cash payments, the transfer is typically very swift, with the only nuisance of requiring to hold the right amount of change. With electronic payments, readiness has increased significantly in recent years. In the past, all electronic payments required to insert a plastic card into a device that connected remotely, typically via a phone call, and printed a receipt that had to be signed in order to authenticate the transaction. The process could easily last around one minute. Some improvements have initially come with the substitution of the signature authentication with that based on the personal identification number (PIN). More recently, contactless payments of small amount, with no requirement of authentication, have made the payment process as swift as that of cash payments, and without the problem of having the right amount of change. Contactless payments using a smartphone with a biological identification device can be as swift as that with a card, but with the advantage of being potentially less risky.

Only cheaper and better technologies seem capable of offering a better payment experience in the case of in-shop purchases. By using a smartphone it is possible to transmit a large amount of data, thus allowing to perform two crucial steps of an in-shop payment: authentication and transfer. The smartphone industry is very concentrated: four corporations (Samsung, Huawei, Apple and Oppo) are responsible of half of total world production of devices, and only two operating systems are used in practice: Android and iOS. But these corporations do not offer payment services autonomously, preferring to partner with different financial intermediaries. Since producers of smartphones do not have incentives to make an exclusive partnership with just one provider of financial services, technological innovation stemming from hardware improvements is unlikely to be a key competitive factor for payment service providers, and the new players introduced by PSD2 are unlikely to have a major role.

A different case is that of software improvements. Although only two operating systems are used in the market, competition could stem from the ability of payment service providers to interface with these systems, making their apps swifter and more user-friendly. By allowing PISPs and CBPIIs to enter this sector, PSD2 may alter competition dynamics also in the case in-shop payments.^[13]A different issue, that is also part of PSD2 but is not analyzed in this chapter, is the reimbursement of fraudulent transactions. Better authentication systems, leading to a lower number of frauds … Continue reading

In the case of online purchases, payments can at times be rather cumbersome: customers may be required to type their cards’ codes: the PIN, and the one time password (OTP) that they receive through different means of communication – typically small text messages (SMS) or, less commonly, e-mails. Completing these tasks may require a few minutes and can be rather complicated, with the risk that a purchase is not completed or the payment is made to the wrong counterpart. It is therefore no surprise that new services are being provided, allowing to register in smartphones or computers a set of information that make electronic payments easier and quicker.

In the case of internet-based transactions, purchases and payments are much more connected, and there is no reasonable alternative to electronic payments.^[14]Some goods can still be paid in cash to the delivery man, and services such as hotel rents booked in advance on the internet can be paid when checking-out with different means of payment from those … Continue reading Internet-based merchants have a stronger incentive to offer a better payment experience, because the cost of switching to a different merchant is much smaller on the web than across traditional brick and mortar shops. Internet based merchants are thus among those that could benefit the most from becoming a PISP, because in this way they could link the purchase with the payment, offering the best possible customer experience. Bundling purchases and payments can therefore be more effective than in the case of brick and mortar shops. Clearly, since setting up a PISP involves relevant fixed and sunk costs, big-techs like Amazon, which can dilute these costs across their large consumer base, may be more likely to exploit the possibilities offered by PSP2.

However, the previous discussion on cost advantages of closed-loop systems suggests that setting up a PISP may not be the best solution for e-commerce platforms. In fact, PayPal itself was initially created to make swifter payments on E-bay, the website specialized in consumer-to-consumer and business-to-consumer sales, and Alipay is linked to Alibaba, the largest e-commerce platform in China. PayPal and Alipay are closely linked to the e-commerce platform and are thus able to offer an easy and swift payment experience. But they are also closed loop systems, thus benefitting from lower costs and the potential to earn positive interest margins. Big-techs like Amazon may therefore prefer to set up their own closed loop system instead of creating a PISP, as Alibaba has already done with Alipay.

As mentioned above, PSD2 favors closed loop systems, arguing that “it would not be appropriate to grant third parties access to those closed proprietary payment systems”. Allegedly this choice is made “in order to stimulate the competition that can be provided by such closed payment systems to established mainstream payment systems”. But will the entry of these players foster competition in the payment industry? Since big-techs enjoy massive network economies of scale, it may indeed be the case that their closed loop systems allow swifter and easier payments at lower costs. At the same time, the optimal minimum scale of operations may be so large to allow for very few players in the market, thus hindering competition. As it is always the case with natural monopolies, finding an equilibrium between competition and efficiency is not easy. But it may be worth to consider granting third parties access to closed loop systems, since they already benefit from large network economies.

One additional argument stands in favor of not granting privileges to big-techs operating in the payment industry, and possibly limiting their expansion: the value of the information that they can collect. So far, our discussion has focused mainly on making a payment, i.e., on PISP and possibly on CBIIP. But with the explicit authorization of customers, these new types of intermediaries, as well as AISPs, can collect, store and elaborate information on each single payment for a potentially enormous number of consumers all over the world. If payments are managed by an in-house PISP or closed-loop system of an e-commerce platform, each payment can easily be linked with the purchase that caused it. Clearly, such information has an enormous value, for example for marketing and credit-scoring purposes. In Europe, the General Data Protection Regulation (GDPR) seems to be the only boundary to potential abuses in this field. Additional efforts in this direction seems warranted.

 

Conclusions

With few exceptions, I am generally in favor of any policy aiming at improving competition, because it increases aggregate economic welfare. In most cases, helping entrants in a market improves competition, and therefore I see it as a positive step. But markets in which bundling and network economies cause strong economies of scale is one of the exceptions to the general rule. Entry of large and powerful players can in this case reduce competition, with a negative impact on aggregate welfare.

The direction taken by the PSD2 is correct: favoring the entry of new players, reducing the benefits of holding proprietary information, dismantling the bundling of different services related to payments will improve competition and increase welfare. But attention must be paid to two possible risks.

The first risk is that big-techs exploit economies of scale related to network effects and the possibility of bundling different services to gain large market shares and hinder competition. Allowing third parties to access closed loop systems may be an important step to avoid this outcome.

The second risk is related to data collection and management. As emphasized by Gammaldi and Iacomini (2019),^[15]Gammaldi, D. and Iacomini, C. (2019), Mutamenti del mercato dopo la PSD2, in Maimeiri, M. and Mancini, M. (eds.), Le nuove frontiere dei servizi bancari e di pagamento fra PSD 2, criptovalute e … Continue reading “[t]he Directive indeed introduces the concept according to which data are available to the customer who ‘generated’ them”. This allows all players in the payment industry – including big-techs, if they are willing to enter this market – to collect information on payments linked with those on purchases, in addition to what they already collect, for example through social media. The use of information credit risk evaluation and price discrimination can have a disruptive effect on the financial market. Moreover, individuals may misperceive the immediate benefits that they obtain by releasing their data, and the often uncertain future costs related to their use on the part of specialized operators. In this context, “the explicit consent (freely expressed by users) may no longer be sufficient to guarantee respect for privacy”, as argued by Menzella (2019).^[16]Menzella, R. (2019), Il ruolo dei big data e il mobile payment, in Maimeiri, M. and Mancini, M. (eds.), Le nuove frontiere dei servizi bancari e di pagamento fra PSD 2, criptovalute e rivoluzione … Continue reading 

The risks caused by data mismanagement should be forcefully contrasted, within and outside the financial industry. For this reason, each specific piece of legislation should coordinate with the provisions of the GDPR.^[17]Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of … Continue reading Moreover, to guarantee all players using individual data and derived elaborations a level playing field, it should be considered to allow third parties to access the information collected by big-techs, according to the same philosophy which led the regulator to permit AISPs to access information collected by financial intermediaries, when users gave their consent. Of course, any such policy should be mirrored by initiatives aiming at making citizens aware of the value of their personal information – with a specific focus on financially-related information – for example offering “privacy education” in addition to “financial education”.