Perhaps there is some displacement going on here. Perhaps the Commission are upset because they pushed for SEPA and SCF. It is now clear that SCF will lead to an increase in the average merchant service charge in Europe as low-cost domestic debit schemes are replaced by more expensive international credit and debit schemes (ie, Visa and MasterCard branded cards). But it’s an interesting development to move on and begin the attack on EMV.
I’m not for one moment suggesting that EMV is perfect and ought to be beyond criticism. There’s a lot wrong with it. But my suspicion is that what is behind Nellie’s words is the thinking that the currently non-existent “third scheme” in Europe ought not to be founded merely as another brand, another set of scheme rules, on top of the existing EMV infrastructure but an entirely new infrastructure more suited to the 21st century (that is, more suited to contactless, mobile, prepaid, the Internet and all sorts of other modern fancies). Well, I hope that’s what it is. I think the idea of an open-source third scheme might be quite an exciting development, and you could certainly imagine a situation where there’s a “payment Linux” used by everyone and where schemes compete on products and services by using it.
It’s diverting to think what such a scheme might look like. Purely for the purposes of amusement let us consider one or two of the functions and characteristics of a potential replacement while avoiding trivial English schoolboy “not on your Nellie puns”. I think if it were up to me, I would begin with the process of gathering requirements by making sure that all of the stakeholders are adequately represented in the initial brainstorming. This doesn’t just mean the usual suspects, banks and retailers, but a much wider range of people with a variety of perspectives. Of course, I would be particularly keen to obtain perspectives from those who have already developed new ideas from the deployment of chip and pin as well as mobile and Internet payments, which means the police, regulators and members of the public.
With those requirements in place, I might suspect that a small number of guiding principles might be applied to help with the sketching of the solution space. Here are a couple that I’ll throw out to start the discussion.
First of all we need to decouple multiple concerns at the right levels. I have a particular view of this because I have long thought that the digital money and digital identity components of such a system should be both more distinct and more explicit, to allow for appropriate configurations of products. What I mean by this is that for some categories, for example cash replacement low-value purchases, the identity component might be set to anonymity whereas for other transactions it might be set to pseudonymity and for yet other transactions it might be set to full disclosure. In fact, I’d go a bit further and say that it seems to me that if the identity elements can be “solved” through the use of digital identity infrastructure provided by someone else (with the obvious someone else in Europe being national governments) then the payment elements actually become a lot simpler. As a customer wandering into a shop to buy a pair of shoes in 10 years time I think I might reasonably expect to use any one of a number of tokens to link to identity infrastructure and through that infrastructure connect with any one of a number of payment products. Once you’ve got identity out of the way, payments aren’t that complicated, are they?
Second, I’d want a much better certification process, so that lots of vendors could compete to build products and get them tested and certified in a fast and inexpensive way. Thus, any retailer (in fact, anyone, since my imaginary payments Linux wouldn’t distinguish) could accept payment from any approved device. If I wanted to download the Virgin Media payment application, that puts low-value payments on my bill, to my mobile phone then I ought to be able to just do it.
Third (and final point, for the time being), the infrastructure should be built on next generation technology because it takes a long time to roll out. If we posit last generation technology, playing to the conservative nature of large organisations, we end up with stuff that is way out of date. A big question about that infrastructure would be. once again, the basic “online or offline” choice. Looking back now, you might well argue that from a historical perspective that the existing infrastructure came about at precisely the wrong time. Advances in smart card technology and the state of the European telecommunications industry led the designers of EMV to optimise for an environment that was about to vanish. Just as everything went online, EMV was being built for offline. We don’t want to be caught out, so we need a much more sophisticated technology roadmap as a backdrop to the process, recognising that it takes years for this kind of infrastructure to come together. So do we optimise for offline payments with occasional online, or online payments with limited offline functionality, or what?
I’m keen to gather suggestions that we can pass on to the Commission at an appropriate time, so do let me know what you think!!
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]