Monday, June 30, 2003

It's almost July 1.....

Tomorrow, the cross-border bank transfers in euros (applicable to transfers in euros of up to €12 500) within the EU will cost the same as domestic transfers. This measure is being introduced in accordance with Regulation (EC) No 2560/2001 on cross-border payments in euros. Yet, although this sounds great, we should note that:

- in order to qualify for equal charges, customers must provide their bank with the beneficiary's IBAN (International Bank Account Number) and BIC (Bank Identifier Code).

Here lies an interesting challenge for banks/consumers/companies. I'm pretty sure that the next month's we'll hear quite a lot of incidents/anecdotes about the practical problems. The public may expect the regulation to apply anyhow, regardless of the use of IBANs/BICs. The actual IBAN's may be hard to figure out sometimes (especially if calcualted by software, some errors may occur...) etcetera.

Meanwhile, card organisations are also in the playing field. Supposedly Visa Direct should be up and running now (see this press release) but I found no evidence for that. Similarly Mastercard's MoneySend should do the same: provide card holders with an easy and cheap opportunity to transfer money among EU-states to other consumers.

So, we now not only have the above P2P payment mechanisms, but also Paypal, Way2Pay, Certapay, C2it, Let's see how that market develops.

Canada moves over slowly to EMV... so will the Netherlands....?

A recent article in Card Technology outlines that Canada is not planning to rush into EMV as the current card systems do not incur that much fraud to speed the EMV-implementation. Actually this is very much like the Dutch situation.

Yet, in the Netherlands we are subject to the so-called liability shift, imposed by EU regional card organisations. So although, at a recent first Dutch conference on EMV it became clear that we'd also better not rush into EMV, we may need to dismantle the imposed liability shift first. Legally, there appears to be plenty room for that; the imposed liability shift is basically a void legal arrangement under both competition law and principles of fair distribution of responsibilies and liabilities (as applicable through civil law). Also, Visa Canada sets the precedent:

"The Visa Canada Association decided not to set a deadline or impose penalties on members who do not convert to chip because there is no explosion of credit card fraud that requires immediate action, says Derek Fry, president of the Visa Canada Association.

All in all, I would not be surprised if the Netherlands becomes the first European country to ignore the liability shift as an legally irrelevant / void rule. Formally, we'll have to await discussions and further exploration in the Dutch society council on payment systems, but this one issue will be high on their agenda as it means that we can get ourselves the time to slowly and properly migrate to EMV.

Smart pin-use?

Elsevier Magazine reports this week that SNS Bank has for quite some time now introduced a feature for its customers with the name: 'smarter pinnen' (smarter use of the PIN-code). Essentially consumer may choose to use the same card and PIN-code for a number of current accounts and savings accounts.

Fortis Bank will follow with a similar product introduction. Other banks are not eally considering it. Elsevier notes that smart pinnen is easy, but there is always the risk that -in case of a skimming/shoulder surfing attack- all accounts will be emptied.....

Saturday, June 28, 2003

T. Padoa-Schioppa: Private and Public Sector Challenges in the Payment System

For those interested in the agenda of central banks in the area of payment and settlement systems, please read this speech of T. Padoa-Schioppa on Private and Public Sector Challenges in the Payment System.

Thursday, June 26, 2003

Rabo is testing loading procedure Chipknip for sight impaired customers

The Rabobank today announces that it will start testing a 'talking' load point for Chipknip loads. It is designed to be installed in-house in care institutions and revalidation centra, where a lot of the elderely customers require access to their funds and payment means.

The talking load-device is developed for Rabobank by CCV and Interact and has a slow interface; allowing customers the time to understand the spoken instructions and act accordingly. The first reactions appear to be quite positive.

Guide on cross-border payments.....!

To be found on the EU-website. Guide on cross-border payments instructing the EU-citizens on the use of IBAN and BIC.

Tuesday, June 24, 2003

OFT publishes market study on payment systems

This very nice report by the Office of Fair Trade discusses the state of things in the UK with respect to competition in the retail payment industry. Quite a read, but some interesting remarks:

1.35 The costs of becoming a full settlement member of the clearing schemes are not trivial. However, the decentralised (fixed) costs associated with a member’s own infrastructure requirements are perhaps the most substantial barriers to direct access. Nevertheless, the requirement that these decentralised systems are made compatible with the legacy systems of existing members increases the costs of new membership, potentially discouraging entry.

1.37 The justification for preventing non-financial institutions from joining the clearing schemes, at least as recipients of payments, do not appear strong.

1.50 Participants have told the OFT that the continued existence of restrictions on access to card schemes is justified by the need to safeguard the security of the schemes. It is not clear, however, that the current restrictions place requirements on new members commensurate with the risks that those members would place on the schemes. We therefore view the continued existence of the restrictions to be a concern.

Debit-card payments and direct-debits remain secure for now

De Nederlandsche Bank has reported on the security of debit-card payments and direct debits to the Ministry of Finance, that has reported to the Parliament (see this link). The main conclusion is that for now, there is no need to worry about security of these instruments.

The investigation followed after some fraud incidents with both instruments last year. It turns out that 800 debitcards were copied and 20 direct-debit frauds occured. DNB does one suggestion in its reports: to determine the product conditions for the use of the direct debit on the web. The solution to this issue has been proposed earlier on this weblog (see previous entry) and could be implemented quite quickly.

MPSA chooses Simpay as the brandname

Previously, MPSA, the Mobile Payment Service Association, was announced as a cooperative venture of large telco's, providing the basic infrastructure for payment with the mobile phone. Today, it is announced the Brand name for these payment will be Simpay. See also the Simpay website and look at the demo and brief resume's of newly appointed directors.

Sponsoring for public transport payment on the way

Sometime last week, I don't exactly recall when, I've read in a newspaper that parliament had decided to allocate extra funds to speed up the introduction of the public transport payment method (as it would also allow for identification and access control). So we can conclude that all small value payment methods benefit from some intervention by public authorities

- chipknip is mandatory for paying at parking meters (a local tax),

- public transport payments will be subsidized to allow quick identification,

- SMS/0900 payments are fully exempted from supervision law.

Essentially, to be succesfull, any issuer of payment instruments should thus seek endorsement of a public authority.

UPDATE: The Automatiseringsgids reported here on the same issue.

US fear drives EU-biometrics...

Ron Onrust pointed me to this New York Times article on the future use of biometrics in passports of European citizens.

Under the United States' Enhanced Border Security and Visa Entry Reform Act of 2002, countries whose citizens enjoy visa-free travel to the United States — as is the case with most if not all of Western Europe — must issue passports with biometric identifiers no later than Oct. 26, 2004.

"The solution which is mostly likely is a chip in the passport containing fingerprints and eye scans," said Pietro Petrucci, a spokesman for the European Commission.

Apparently biometrics industry in the US has also sponsored the Bush campaign.

Monday, June 23, 2003

Supervisor fines retail store for attracting deposits

Het Financieele Dagblad reports that De Nederlandsche Bank (the central bank), in its role as a supervisor, has fined the company Euro Investment Services (EIS) for € 87.125 as it broke a rule in the supervision law that forbids attracting deposits. If it does not refund the money to consumers, another fine of € 900.000 applies.

The deal is that a computer appliance store, Mercurius, is unable to get funds from banks and uses EIS to attract working capital from the public. The public receive a monthly interest of 5 %.

See also the statement at the DNB-website.

Friday, June 20, 2003

Decision NMa about debit-card fees for Superunie

At the NMa website Dutch readers may download the formal decision with respect to the complaint of Superunie that its members have had to pay higher prices for debit-card authorisations than Ahold subsidiaries. The complaint is not honoured. See the NMa decision.

Thursday, June 19, 2003

Conference on EMV: open dialog on business issues needed

During yesterdays lively conference on the introduction of EMV in the Netherlands, the main suggestion to the Maatschappelijk Overleg Betalingsverkeer was to broaden the discussion and to:

- discuss both business issues (fraud, liability shift) and technical/functional theme's,

- involve the ICT-players such as builders of terminals and processing service providers.

A brief summary of the conference and its main results will be published next week.

Internet Payments Fraud: A Primer for Merchants

Nice report, to be downloaded here.

Saturday, June 14, 2003

Chip-trial Northampton proceeding nicely

The Guardian reports on the CHIP-and-PIN trial in the UK:

But so far shopkeepers in Northampton seemed to have given the thumbs up to the new cards, with no reports of any technical difficulties or baffled customers.

Wednesday, June 11, 2003

More online banking in the Netherlands

Automatisering Gids reports that a Nielsen study reveals that Rabobank (1,9 million unique visitors in the first qurter of 2003) is the biggest on-line bank in the Netherlands (and Europe). Number two in the Netherlands is Postbank (with 1,1 million unique visitors) and number three is ABN Amro (850.000 unique visitors).

In addition it would be interesting to know how many of these users also (still) use the telebanking facilities of their banks.

Web payments in the Netherlands

Erwin Boogert reports at Planet Internet about web payments research by Blauw and It turns out that at the moment remote-payment behaviour in the Netherlands is:

- inpayment (acceptgiro): 31 %

- credit card: 22 %

- one time direct debit: 12 %

- internet banking: 10 %

- credit-transfer: 8 %

- cash on delivery: 8 %

The remaining 9 % is unexplained.

Tuesday, June 10, 2003

BugBear learns new tricks, targets financial institutions

Government Computer News (GCN) daily news reports that the new version of BugBear targets financial institutions by logging keystrokes of the user and sending the logfile over the web to one out of ten e-mail addresses. That would possibly work for gaining illegitimate entry to those banks that use user id-password combinations as the basis for web-banking. But the Dutch banks' security culture is a little different (and more advanced), so we don't need to fear.

Instruments for self-regulation...

In the Dutch payment industry, self regulation has long been the major mode of operation. Only recently did more specific intervention take place by for example the local competition authority and the European Commission. SEO, a foundation for economic research, has listed all possible instruments for self-regulation in this report which may come in handy for those looking for the most effective self regulating instruments.

Saturday, June 07, 2003

US Fraud attempt with Dutch credit-cards

Het Financieele Dagblad reports that at least ten thousand Dutch credit cards were blocked this week by Interpay, following a fraud-attack from the US. Crooks have stolen or bought these numbers and attempted to buy all kinds of stuff. Yet, the detection system of Interpay recognized the unusual transactions.

Following the detection of curious payments of some hundred card holders, Interpay blocked a group of 10.000 cards on Wednesday and immediately informed the Dutch card holders. Card holders are asked to verify the payments and will be provided a new card within 10 days. Those card holders that just left or were leaving for their holidays may use the regular emergency-cash procedures for cash on holidays.

Friday, June 06, 2003

Benefits of EMV for banks?

Cards Worldwide has a fine article on the impacts of migration to EMV for banks. It is written by Sirus Zafar, Director Application Development and IT, MUZO. He states that the benefits for banks are unsure.

The potential benefits are:

- fraud reduction,

- increasing number of off-line transactions,

- usage for other applications,

but whether they can be realised in practice is unsure.

The first Dutch discussion on these and other policy issues, related to the introduction of EMV, will be the subject of this conference (Van strip naar chip).

Nijmegen accepts credit-cards in parking meters

Epaynews reports:

Jun 06 2003 : Credit card payments for parking are possible in the Dutch city of Nijmegen under a cross-border credit card parking initiative that also supports payments with the domestic e-purse, ChipKnip. Nijmegen’s initial pay-and-display ticket machines for parking, accepted ChipKnip payments, but German visitors to the city were unable to use their e-purse, GeldKarte, at the machines. Consequently, Nijmegen’s municipal office chose to install new ticket machines alongside the cash/ChipKnip versions, with a GSM modem for the online authorization of card transactions, instead of adapting the old machines for cross-border payments.

Eleven parking ticket machines have been set up in Nijmegen, with CardEase technology from UK firm, CreditCall Communications, enabling the acceptance of credit cards and international debit cards for sums as little as €1. When a motorist enters their card in the machines, provided by UK vendor, Metric, CreditCall leverages its in-country infrastructure and the GSM network, to route authorization data to its servers in Bristol, UK. Cards from Visa, MasterCard and Maestro are accepted at the machines, and a bank in Ireland acquires the transactions, which generate a ticket in about 15 seconds.

See also the Nijmegen parking website. As a matter of fact, Nijmegenaars may also pay with the citychip (a local loyalty system). Or with the mobility card of ANWB, a card that combines the Chipknip, a loyalty-system for filling up gasoline and a Visa credit card and costs only 16 euro per year for ANWB members.

Thursday, June 05, 2003

Supermarkets may claim money from Interpay

Het Financieele Dagblad (paid) reports today that the collective organisation of supermarkets (centraal bureau levensmiddelenhandel) has threatened to issues a financial claim at Interpay, given the high fees for debit-card transactions.

Monday, June 02, 2003


PayperNews has signed a deal with the Times to use their digitalisation technology for delivery of articles/newspapers on the web. As reported by Emerce. Times website states that it costs a 75 pounds sterling per year.

Rabobank does it best in the Netherlands...

.. according to a survey by Het Financieele Dagblad and Vallstein Consultancy. The results in grades, given by business customers of the banks are:

-Rabobank: 7,4

-Fortis Bank: 7,2

-ING: 7,1

-ABN AMRO: 6,7

ABN AMRO clearly pays for the result of reorganisations. And I would not be surprised if the consumer-side of a similar survey would show similar results.