Sunday, January 25, 2015

8583 is Obsolete; So Why Don’t Payment Networks Replace It



Using a bit mapped data protocol in an HTML world is a bit like using candles to light a house. The candles only light parts of the interior; the occupants must carry a candle around from room to room; and wax drips on every surface with the slightest breeze. ISO 8583 similarly requires data remain in a precise location; requires a maximum length; cannot allow different data attributes; and does not allow the growth of new fields easily. In today’s rapidly evolving payment infrastructure, the use of such a dinosaur as 8583 increases transaction costs, increases the risks of badly formed messages, and slows innovation.

There is a good reason why the payment services industry does not use a tagged based data protocol (such as 20022); it may make many players in the industry obsolete.  If a data protocol can be accessed easily and free from anywhere on the net; have fields added by anyone that needed to add one (by use of schema links attached to messages); and use HTML; then payment messages to issuers need not originate from acquirers, forwarders, or gateways. Any personal device has the ability to transmit a payment order using a common tagged based protocol and it is simple for financial institutions (FI) to write sending and receiving applications using the data protocol.

Enhanced security may cause this shift away from the current status quo. All transactions will need approval in real time, originate from a known device, use a derived encryption key unique to the device, and contain a meaningful origination location. Issuers can create many varied security methods using different logic for validating users. This diversity of approach minimizes the gain from any one successful attack.

There will be no difference in paying a person, or a business, or a government.  Payers can pay the fees associated with use of such a system, which issuers may waive to encourage the use of their institutions, especially for large value accounts. Issuers also may be able to collect sales taxes depending on the interpretation of the data and immediately move the money to the government entities benefitting from a particular transaction.

Apple Pay and the grousing about interchange fees may also start the move to a better data protocol. How long will it take before the internet industry gets tired of moving payment data through the likes of First Data? When will Google negotiate with the big issuers, create their own links, use their own modern data protocol, and become their own authorizing agents?  FIs can stop worrying about courts limiting their interchange fees and make any deals they want until true competitors force fees south.  The first step: create the data protocol and place it on an easily accessible site and see what happens.

Next Blog: What happened to the anticipated data scraping attacks over the holidays, shhhh

1 comment: