Security Blog

Instant payments or Life is now, so pay me now

Many words have been exchanged around the concept of a “cashless society” recently. It is uncertain whether a pure cashless society will ever practically take place – according to its most radical assumptions – and with the many voices highlighting the sinister side of it (or simply claiming that it’s “just a creepy fantasy”). But, one thing is for sure; there is a hectic and crowded race to be the first to plant the “we’re cashless!” flag on top of the highest hill.

From such a standpoint, Sweden surely leads the race in Europe. At the heart of it, is the instant money transfer app Swish, a joint collaboration between the six major banks in Sweden. In short, Swish – like the many other “instant payment” solutions – enables consumers to make real-time payments using their mobile phone. Real-time payments are undoubtedly changing the reality of payments nowadays, making it extremely simple and quick to pay friends and customers, as well as to settle bills and transfer money. It is possibly the most concrete answer to consumers’ growing expectation for faster payment schemes, with faster settlement periods.

The question remains: will the new “pay now” paradigm in electronic transactions eventually replace traditional payment types – checks, credit, debit, prepaid, and the like? The definition provided by the ERPB (European Retail Payments Board) is pretty clear in regard to that. Instant payments are indeed defined as “electronic retail payment solutions available 24/7/365 and resulting in the immediate or close-to-immediate interbank clearing of the transaction and crediting of the payee’s account with confirmation to the payer (within seconds of payment initiation)”.

While it is not easy to predict when this will occur – if ever – it is clear that the “instant payment” theme has been seriously considered by the various decision-making bodies in the banking industry. The EPC (European Payments Council), in particular, has put considerable effort into the topic. Partly in reaction to the lack of a conveniently harmonized pan-European scheme enabling instant payments in euro across SEPA, the Single Euro Payments Area. Recent news would in fact tell us that we might be very close to preventing fragmentation of real-time payment solutions. Assuming it’s true that a SEPA Instant Credit Transfer (SCT Inst.) scheme is scheduled to be published this month, November 2016, following a three-month public consultation (April to July). The EPC SCT Inst. scheme, which would enter into force in November 2017, to give all stakeholders enough time to comply, is going to focus on the business and technical rules of instant credit transfers, eventually making instant credit transfers in SEPA a reality.

Very briefly – we’ll most likely drill down into the technical details in future posts – these are the main features of the proposed scheme:

  • Designed for euro transactions (although the payment accounts held at Payment Service Providers (PSPs) do not have to be denominated in euro)
  • Optional scheme, so PSPs operating within SEPA will not be obliged to adhere to it
  • Instant payments will become the closest substitute to cash: the transfer of money is immediate and required to be available on a 24/7/365 basis.
  • Transactions shall have a well-established initial maximum duration. The originator banks, in particular, are obliged to guarantee settlement within a maximum execution time of ten seconds, with a time-out deadline and an optional SCT Inst. status inquiry procedure in case the maximum execution time of ten seconds cannot be met due to exceptional processing circumstances
  • Initial maximum amount limit per instruction, established in 15k euro.

We are all very excited and eager to read the first official release as soon as it becomes available.

It will also be interesting to see how the Brands are planning to react to this impending paradigm shift in the payment industry, which might result in an eventual move of the entire market towards complete card-less payments. The question is: is PCI DSS doomed to a short life or just to new life in different shape and capacity?

  • 24 Solutions AB
  • Smedjegatan 2C
  • SE-13154 Nacka, Sweden
  • +46 (0)8 535 24 100
  • info@24solutions.com