Global payments giant Visa has conspicuously broken ranks with Australian banks and merchants on a once unified stance on electronic and digital payments security, controversially claiming that efforts to reduce card fees could hit fraud detection.
In a clear signal that the Reserve Bank of Australia’s push to allow merchants to choose what rails electronic and digital payments ride on is starting to sting, Visa has used a submission the central bank’s review of payments regulation to assert that “consumers and banks would not benefit from Visa’s innovations, including enhanced security, if transactions were routed on another platform.”
The bold assertion opens a new front in the ongoing battle between US-founded global payment schemes Visa and Mastercard to preserve their network dominance in the tap-and-go payments market by opposing a push to let shopkeepers decide who processes payments to them.
As first revealed in iTnews, grocery giant Coles recently switched its transaction routing for tap payments to run through the eftpos network in an effort to cut costs across billions of dollars of purchases a year made at its checkouts.
The grocery sector for more than a decade has been pushing back against Visa and Mastercard’s lucrative interchange fee structure that creates a revenue stream worth hundreds of millions between issuing and acquiring banks.
However the issue of security has been, until now, regarded as an unofficial no-go zone in terms of mudslinging in financial services industry because of the urgent need to maintain public trust and push down escalating card fraud losses; most of them generated across Visa, Mastercard and American Express’ networks.
The cracking point for Visa is a potential mandate of so-called ‘least cost routing’ or ‘merchant choice routing’ that lets shopkeepers select which rails payments being processed run on.
The Reserve Bank has been pushing banks hard to offer the option for tap payments to maintain competition in the local market, especially as payments increasingly head to ‘glass’ and taps purchases are made from phones.
Visa, along with Mastercard and Amex are no great fans of the concept because it could break their payments oligopoly. Banks are also somewhat ambivalent, but are hedged because they also have stakes in eftpos and BPAY.
“We do not recommend that the RBA mandate MCR. Mandating routing would likely limit innovation and further inhibit consumer choice. As a result, consumers and banks would not benefit from Visa’s innovations, including enhanced security, if transactions were routed on another platform,” Visa said.
Visa claims that on dual network debit cards – those are the ones with both an eftpos bug and Visa and Mastercard bug – the possibility that merchants can control the routing “has the potential to undermine consumers’ confidence and trust that their chosen financial products and services will meet their expectations.”
“For example, financial institutions are increasingly offering services to consumers that enable more robust security solutions, provide access to their financial data, create broader controls over their payment products and generate more consumer-friendly means of payment,” Visa said.
“From early fraud detection and liability protections to setting limits on everyday spend, these services are not necessarily network agnostic and often depend on transactions being routed over a specific network.”
They may not be “network agnostic”, but Australia’s payments fraud statistics reveal the bulk of fraud runs over Visa and Mastercard’s rails, rather than local ones – although a good part of that is down a historical lack of functionality from eftpos for tap and online payments.
The fraud numbers, that need a little unpacking are not pretty. At all.
According to AusPayNet’s official statistics, for the period July 2018 to June 2019 so called payments fraud ‘proprietary debit’ – essentially eftpos – came in at just below $13 million.
That’s a comparatively low figure because it basically excludes online payments that eftpos is still yet to offer. It also largely excludes tap payments, which generally have lower fraud rates.
On the flipside, “scheme credit, debit and charge card” fraud – that’s Visa, MasterCard, Amex, Diners etc – came in at $514 million for the same period. And of that total ‘card not present’, essentially online transactions, chalked up $455 million.
Which is a pretty massive difference, and one not contained in Visa’s submission.
It’s also important to point out that in the AusPayNet statistics, there is no breakdown between scheme credit transactions and scheme debit transactions.
That means that bogus payments from Visa Debit and Debit Mastercard, that access the same bank accounts as eftpos would, are lumped in with all the credit card transactions – so it’s as clear as mud.
It also means there’s no public information available on how much money is being defrauded directly from bank accounts via Visa Debit and Debit Mastercard – that’s cash that moves out – rather than credit card transactions that offer a 50 day interest free period and can be more easily disputed.
The card-not-present fraud phenomenon is now so bad that even the Governor of the Reserve Bank of Australia, Philip Lowe, outed himself as a carding victim at the 2018 AusPayNet Summit, a very awkward moment for banks and schemes in the room.
Banks and schemes also strongly emphasis that consumers essentially have zero liability for card fraud, but publicise less that they pass through the cost to the merchants where stolen cards and credentials are used.
Merchants don’t like that one bit, having repeatedly called for the liability shift to them to be reversed, especially as they don’t issue the cards and pay banks to process the transactions.
Unsurprisingly, the Council of Small Businesses in Australia (COSBOA) has a very different take to Visa in its submission to the RBA’s regulatory review.
“The total quantum of [fraud] loss continues to grow and is placing Australian retailers at a significant competitive disadvantage in an increasingly digitalised global retail market,” COSBOA said in its submission, telling the RBA it should “stipulate a requirement for retail payment systems to utilise ‘token’ technology.”
“To avoid a repeat of the competitive distortion created by the switch to contactless card payment, it is strongly recommended that this functionality be developed as a generic platform (for use by all retail card payment systems).”
COSBOA also wants least cost routing / merchant choice routing to be dynamic so the terminal uses an algorithm to determine the cheapest rails rather than relying on set and forget.
“COSBOA believes that the ‘binary’ (or ‘Dumb’) LCR technology that has been introduced by all but a select few payment system providers does not provide retailers with the capacity to select the least cost payment gateway for debit transactions.”