Let me (for the purposes of this post) define acquirer as
any entity between a purchaser and the purchaser’s financial institution. This
definition is far too broad for a typical discussion of the payment services
industry; however it suits the point of this post quite nicely. The definition
makes any part of the payment network providers (regardless of brand or size)
an acquirer, It leaves an issuing FI or its authorizing agent, the sole party
needed for a financial transaction with
a payer and it is a very scary concept to payment network providers.
To demonstrate the concept Diagram 26 shows the current
retail payment system infrastructure present in many countries today.
Diagram 26: The Acquiring Function Infrastructure
And Diagram 27 shows an imaginary structure without an
acquirer.
Diagram 27: Hypothetical Payment Hub without Acquirer
I ask my readers which diagram depicts a cheaper network easier
to deploy and more adaptable to the emerging human communication methods.
The reason we cannot implement diagram 27 right now is
because data transport standards encapsulating payment information from a personal
electronic device (PED) do not exist. Such standards need to adapt a key
management scheme such as DUKPT, a reasonable number of digits to be stored in
secure areas of the PED for use as offsets, transaction counters, etc. and more
importantly able to accommodate an astronomical number of individual PEDs.
Another reason we cannot implement diagram 27 right now is
because of the insistence that payees pull payment from payer accounts instead
of payers pushing payments to payee accounts. If we build the standards the
more efficient push method of payment will come because it eliminates
regulation E in the US and more importantly for the rest of the world it
eliminates switching fees.
The standard needs much more detail than a reasonable
encryption scheme and I can think of many elements that need careful
consideration among technical folks from quite a few different industries, so
the sooner, we build a standards technical committee, then the sooner we can
build a payment hub that gives the security payers need at a fraction of the current costs.
Next Blog: Why
queues containing payment data in the clear are the biggest target today
No comments:
Post a Comment