The Netherlands provides a particularly interesting example. Half of all online shoppers in the Netherlands use iDEAL, a bank-oriented payment system that started in 2005. To effect an iDEAL payment, the consumer is directed back to their own bank where they log in using bank authentication and authorize the payment. They are then seamlessly directed back to the merchant. The system is popular with merchants because it delivers immediate payment (customers cannot charge back the payment) with bank security, and customers like it because they do not need another secure, two-factor or other complex login. To date, there has been no reported fraud through the system.
As of March 2010, the scheme had 5.8m users and 15,000 participating merchants. More Dutch web merchants (88%) accept iDEAL than credit cards (about half) or PayPal (about a fifth). Approximately half of all Dutch e-commerce transactions go through iDEAL only four years after launch, which I think is a remarkable success. This leads me to wonder whether the much-vaunted “third scheme” in European payments might be an online-only interconnection between national account-centric systems rather than yet another card scheme? I shall test this idea out on a few people.
Meanwhile, I think I remember hearing at IPS that there have been some discussions involving the International Council of Payment Network Operators (ICPNO), the European E-Commerce and Mail-Order Trade Association (EMOTA) and the ECB to see whether some form of pan-European iDEAL-alike might work. I think this is a promising line of discussion, but I would prefer to see a slightly more sophisticated approach that builds on something else: a pan-European bank-centric identity infrastructure. The reason for this is to avoid the need to have a switch in the middle, because the “acquirers” can go directly over the Internet to the “issuers”.
Then, I go to pay online for my Greek holiday villa and I present my UK Barclays identity: let’s call it leadbelly.gutbucket!barclays.co.uk and assume it’s in the form of a public key certificate (PKC). The Greek web site’s acquiring bank bounces me back to my UK Barclays account (easy, since it just picks up the domain barclays.co.uk and feeds it to a “!” web services gateway) and then Barclays authenticates me (it sends a message encrypted with the public key from the certificate: I am the only person in the world who can read this, because I am the only person in the world with the corresponding private key).
Barclays tells the Greek bank “yep, it’s him, and here’s the money”, initiating a SEPA Credit Transfer (via Euro-FPS!!) in the background and including all of the relevant details in the XML. The Greek acquiring bank tells the web site and the villa is booked. Note that at no point during this transaction does the Greek merchant see either my bank details or my real identity, since these are the preserve of the trusted entities in the transaction, the banks.
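The exchange described above, written in Node.js as an added example (it is not the author's code or any bank's API). `parseIdentity`, `Issuer` and `pay` are hypothetical names, a bare RSA key pair stands in for the public key certificate, and the single-use nonce and the 500 EUR amount are assumptions made for the illustration.

```javascript
const crypto = require("crypto");

// Split "user!issuer-domain"; reject anything ambiguous before routing on it.
function parseIdentity(id) {
  const parts = id.split("!");
  if (parts.length !== 2 || !parts[0] || !/^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(parts[1]))
    throw new Error("malformed identity: " + id);
  return { user: parts[0], issuerDomain: parts[1].toLowerCase() };
}

// Hypothetical issuing bank: holds each customer's public key (from the PKC).
class Issuer {
  constructor() { this.keys = new Map(); this.pending = new Map(); }
  enrol(user, publicKey) { this.keys.set(user, publicKey); }
  // Encrypt a fresh random nonce to the customer's public key (RSA-OAEP by default).
  challenge(user) {
    if (!this.keys.has(user)) throw new Error("unknown customer");
    const id = crypto.randomBytes(16).toString("hex"), nonce = crypto.randomBytes(32);
    this.pending.set(id, nonce);
    return { id, ciphertext: crypto.publicEncrypt(this.keys.get(user), nonce) };
  }
  // Accept the decrypted nonce once only, so a captured response cannot be replayed.
  confirm(id, response, amountEur) {
    const nonce = this.pending.get(id);
    this.pending.delete(id);
    const ok = !!nonce && response.length === nonce.length && crypto.timingSafeEqual(response, nonce);
    // The acquirer learns yes/no and a transfer reference, never account details.
    if (!ok) return { approved: false };
    return { approved: true, amountEur, transferRef: crypto.randomBytes(8).toString("hex") };
  }
}

// Acquirer: route on the domain after "!"; the customer answers the issuer's challenge.
function pay(identity, amountEur, issuers, customerDecrypt) {
  const { user, issuerDomain } = parseIdentity(identity);
  const issuer = issuers.get(issuerDomain);
  if (!issuer) throw new Error("no gateway for " + issuerDomain);
  const { id, ciphertext } = issuer.challenge(user);
  let response = Buffer.alloc(0); // stays empty if decryption fails (wrong key)
  try { response = customerDecrypt(ciphertext); } catch (e) { /* OAEP decode error */ }
  return issuer.confirm(id, response, amountEur);
}

// Constructed demo: the enrolled key holder is approved, any other key is refused.
function demo() {
  const [owner, other] = [0, 1].map(() => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 }));
  const bank = new Issuer();
  bank.enrol("leadbelly.gutbucket", owner.publicKey);
  const issuers = new Map([["barclays.co.uk", bank]]);
  return [owner, other].map(k => pay("leadbelly.gutbucket!barclays.co.uk", 500, issuers,
    ct => crypto.privateDecrypt(k.privateKey, ct)));
}
```

`demo()` returns two results: the first approved with a transfer reference, the second `{ approved: false }` because the other key cannot decrypt the nonce.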
Of course, personally, I will still carry on using credit cards because of the rules, rights and frequent flyer miles that go with them, but that’s another story.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public.