19 Feb 2013
(sorry for typos in advance)
Thought I would add a little meat to my 2013 prediction on a new token based payment scheme in the US. 60% of the thoughts below are contrived… as participants and pilot results are not in.. and things are still evolving.
Prior to describing a “new” ACH system, it may be useful to understand what banks are looking to achieve.
- Stop the dissemination and storage of DDA RTN and Account Numbers
- Control the bank clearing network. Particularly third party senders and stopping the next paypal
- Improve clearing speed (new rules, new capabilities to manage risk)
- New pricing scheme somewhere between debit ($0.21) and credit cards
- AML controls (per yesterday’s blog on HSBC)
- Taking Visa and MA out of the debit game (yes this is a major story)
- Maintain risk models (see both sides of transaction)
- Control Retailer’s efforts to form a new payment network
The current ACH system will never go away (related blog). There were $33.91 TRILLION moved over the network in 2011, compared to total debit and credit volume of around $4.5 Trillion. However, there are several “improvements” to ACH where all could benefit, primarily speed and fraud management. Thus I believe there will be a carrot and stick approach to creating the right incentives for ACH users to move. The highest priority will be around third party senders (TPS), the lowest priority will be regular customer directed debits and payments to billers.
Third party senders (TPS) are a subclass of Third Party Service Providers (TPSP) which originate ACH transactions based on a direct consumer relationship. Alternatively TPSP are also known as “processors” whose customers are banks (primarily) and have no direct consumer relationship. Banks are not happy with the “free riders” on their network (see yesterday’s blog). Most bankers view companies like PayPal and Xoom as riding on their rails for free. One of their biggest issues is that they do not have visibility into the actual beneficiary as the settlement account hides where the payment is going to. This impacts their ability to perform risk management and authorization. Take these issues together with the increased regulatory focus on AML and we have a fertile environment for change (HSBC’s See Deferred Prosecution Agreement, and business overview of HSBC’s issues from Reuters). Note that AML concerns are much more relevant to International ACH Transactions (IAT). This blog is not focused on IAT.
Banks must therefore architect a solution to evolve ACH while the ship is moving. This is a much better approach than that taken by the UK of mandating faster payments… (one bank was losing 30M GBP a WEEK from fraud when launched). The consensus approach seems to be one surrounding tokens and directory (my blog from last year Directory Battle Phase 1).
Scheme (updated 2/20)
- Token will replace DDA RTN/AN. Starting with ACH Debit, Third Party Senders will be required to use token for access to top 5 banks. Consumers will not know their “token” as it is unique to the requester.
- Third party sender (TPS/TPPA) must request token for originating consumer account from consumers bank (more on business incentives below). This establishes a “directory” role for the consumer’s bank and positions them to “approve” ACH Debits, where today the responsibility is only on the ODFI.
- The bank owning the consumer account will be the owner of the token. Individual banks may choose to issue tokens, tokens will be synchronized with a central director, banks not wishing to issue their own tokens may depend on the central directory for issuance.
- Once a token is issued, a third party sender will use the token to debit consumer account just as the account number is today. However tokens may be unique to each TPS/TPPA
- Individual banks may clear payments by using their own local directory, or leveraging the central ACH service. There are no forced routing rules (learning from VisaNet). Banks also agree to collaborate on fraud and risk (keep information fresh).
- A token will be unique and represent a combination of both sender and beneficiary information. Focus is initially on ACH Debit. Unclear if multiple tokens will be required in MSB scenario. Banks want visibility beyond settlement account. Multiple ways to achieve.
- Members of scheme agree not to store consumer DDA/account information after token is received (think PCI for ACH).
- Token issuance (by the originating bank) will take into account, KYC, fraud and other factors
- Tokens may be revoked and tokens may correlate to risk/fraud information
- TPS may be required to include beneficiary information for ACH Debit (my guess here). This may take the form of a unique token for every originator-beneficiary combination.
- Authorization and intra bank settlement begins to look exactly like debit card/ATM. Only piece missing are agreements which would support usage outside of V/MA
———- Update 20 Feb—————————————-
It seems the Directory service has credit and debit cards in scope… I haven’t fully processed this one. Why would Visa and MA want banks wrapping the card number? Talk about a scheme to cut them out of the loop. Once proxy numbers are issued they could just dump other networks immediately.. Merchant acceptance becomes the big question mark if this is the case. My guess is that banks will focus on mobile, and eCommerce.. defeating V.me, I’m sure CYBS, AMZN and eBay will all jump at the chance to help banks with their tokens
Token provider rumored to be start up Venmo
In the ACH world, the big banks rule.. and make the rules. My guess is that the top 5 banks will inform (and subsequently enforce) a rule on all TPS ACH debits requiring use of Tokens to access consumer accounts. Given that the big 5 have over 50% of the accounts… if they act in concert it will certainly impact the network. The focus of their action is on Third Party Senders, with mobile payments and remittance services as primary examples.
- NACHA may issue new rules which will change existing ACH. My guess is that we will have a new transaction type (associated with TPS, and token). Note that new NACHA rules become law uniform commercial code.
- NACHA has already begun tightening requirements on TPS/ODFI relationships (Section II, Chapter II (ODFIs), subsection B-3)
- Banks which serve as correspondent aggregators of ACH (for MSBs/TPS) may be pressured to make immediate changes (beneficiary data, tokens). These payment aggregation banks (which frequently serve as ODFI) will likely not be part of the system design
- To “enforce” the rule changes, the large banks will set a date where they will not accept transactions that do not conform
- There will likely be “options” for fraud checking, and accelerated clearing cycle (Carrot?)
- Processing Token transactions will have a different baseline fee
- If your clearing bank is not one of the top 5, they may not even know this is going on
- PayPal, MCX, Google Wallet, Target RedCard are all likely dependent on some form of ACH. They will likely have incremental costs associated with ACH origination as a third party sender. My guess is that it will be at least $0.21.
- The big 5 banks will be best positioned to help any start up navigate this changing environment.
- It may be better for start ups to focus on obtaining consumer debit card information vs. DDA
- Small banks that specialize as ODFIs will be squeezed
- The cost of ACH is going up..