1 / 36

E-Payments Lisa K. Abe

rudolph
Download Presentation

E-Payments Lisa K. Abe

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. E-Payments Lisa K. Abe Toronto Computer Lawyers Group February 11, 2008

    2. Electronic Payment Systems Debit card processing – Interac and Acxsys Credit card processing networks Technologies Parties Contractual relationships Rules and regulations Legal issues

    3. Interac’s History Let me tell you about our history. In 1984 out of a desire to share ABMs the Association was created by 5 major financial institutions. The first Shared Cash Dispensing transaction occurred in 1986 And that first year, the service was used 6.2 million times. Interac Direct Payment was piloted in 1990 and was rolled out nationally in 1994 In 1996, the Competition Tribunal issued the Consent Order, after negotiation between the Competition Bureau and the nine principal Members. Non-Financial Institutions were then allowed to take part in the Shared Services. The same year, Acxsys Corporation was created. In 1997, we reached 319 million Shared Cash Dispensing transactions and 1 billion Interac Direct Payment transactions. In 2003 Acxsys amalgamated with CertaPay Inc. which had created the Email Money Transfer service which was branded INTERAC Email Money Transfer In 2004 we launched a Cross Border Debit service In 2005 our internet payment service INTERAC Online was launched. Finally last year we processed about 4 billion transactions. Let me tell you about our history. In 1984 out of a desire to share ABMs the Association was created by 5 major financial institutions. The first Shared Cash Dispensing transaction occurred in 1986 And that first year, the service was used 6.2 million times. Interac Direct Payment was piloted in 1990 and was rolled out nationally in 1994 In 1996, the Competition Tribunal issued the Consent Order, after negotiation between the Competition Bureau and the nine principal Members. Non-Financial Institutions were then allowed to take part in the Shared Services. The same year, Acxsys Corporation was created. In 1997, we reached 319 million Shared Cash Dispensing transactions and 1 billion Interac Direct Payment transactions. In 2003 Acxsys amalgamated with CertaPay Inc. which had created the Email Money Transfer service which was branded INTERAC Email Money Transfer In 2004 we launched a Cross Border Debit service In 2005 our internet payment service INTERAC Online was launched. Finally last year we processed about 4 billion transactions.

    4. Debit card processing – Interac Interac Association formed in 1984 Unincorporated, not-for-profit Made up of Members that are party to the Memorandum of Association Membership rules have been broadened considerably following Consent Order implementation in 1996 Any corporation incorporated and carrying on business in Canada is eligible for membership in the Association

    5. Debit card processing – Interac (cont.) Only financial institutions can issue debit cards Non-financial institutions permitted to participate in providing Automated Bank Machine (ABM), Point of Sale (POS) and network services First transaction in 1986 - grew from 6.2 Million transactions to 4 Billion transactions Currently 61 Member organizations: mostly financial institutions and one Merchant (Petro Canada) Services are limited to Canada (as per Consent Order) Inter-Member Network (IMN) software controls and monitors network

    6. Interac and anti-competitive acts Application brought against 9 founding members and Interac alleging that they exerted joint dominance over the shared electronic network services that formed the backbone of Interac, contrary to S. 79 Competition Act Size of network in Canada – handled more than 90% of cash dispensing services and 100% POS e-funds transfer services No other network had size or coverage to allow for competition Anti-competitive acts affected competition in shared electronic services market and retail market of shared electronic financial services

    7. Interac and anti-competitive acts Anti-competitive acts included: Restricting membership to deposit-taking financial institutions that were members of CPA Restricting certain network privileges to charter members effectively closing this class of membership to new members Excessively high new member or initiation fees for ABM and Interac Direct Payment (IDP) services Prohibiting members from charging cardholders of other members for ABM use Imposing strict account eligibility criteria and limitations on use of network software precluding or impeding the introduction of new services or innovative products on the network

    8. Interac and anti-competitive acts June 20, 1996 a Consent Order issued requiring Interac to allow all commercial entities that are regulated Canadian financial institutions to have access and some non-charter members to connect directly Interac was opened up to non-financial institutions Consent Order also replaced certain service fees (e.g. on card issuance) with “switch” fees (per transaction basis, charged to all users) and permitted surcharges (e.g. by ABMs)

    9. Acxsys Acxsys formed in 1996 as part of the implementation of the Consent Order Owned by Members For-profit corporation Holder and licensor of the assets: Inter-Member Network (IMN) software Interac TM Provides all management services, staff and facilities to Interac Association In 2004, launched cross-border services, allowing Canadian debit cardholders to make purchases using PIN-based Debit at U.S. merchants Acxsys provides the acquiring gateway between NYCE and the IMN

    10. Players on Interac Issuers Only financial institutions Maintain the accounts and issue debit cards for customers to access demand deposit accounts Direct Connectors - each Direct Connector maintains a communication link with all other Direct Connectors in the network Connect using Interac/Acxsys software Licensees of Interac/Acxsys software Licensees of Interac trade-mark Responsible for Settlement by connection to Canadian Payments Association (CPA) or Settlement Agent

    11. Players (cont.) 2. Acquirers Any Member may be an Acquirer Read debit card at the Merchant’s point of sale (POS) to pay for goods/services or ABM location to withdraw cash Send information from the debit card to the Issuer to verify money is in the account Acquirer must settle with Issuer (done at Bank of Canada under Canadian Payments Association (CPA) Rules) Supply the terminals, integrated system, security, gift cards, e-commerce, host the connection

    12. Players (cont.) 2. Acquirers (cont.) Banks used to be both Acquirers and Issuers Now most banks sold their Acquirer divisions - outsourced to separate companies Scotiabank Chase Paymentech Solutions CIBC Global Payments BMO & RBC Moneris Solutions Corporation Some large acquirers are Direct Connectors, others are Indirect Connectors - access the network by connecting through a Direct Connector

    13. Players (cont.) 3. Connection Service Providers Direct Connectors that provide network connection services to Indirect Connectors Indirect Connectors are service providers that are too small to connect directly to Issuers and Acquirers on the Interac Network Independent sales organizations Distributors of services of Acquirer to Merchants

    14. Players (cont.) 4. White label ABMs Not financial institutions Members of Interac In 1996 – 18,000 ABMs Now – 60,000 ABMs 55% of all transactions Not involved in settlement

    15. Interac Services Shared Cash Dispensing (SCD) cardholders can access their accounts to withdraw cash at automated banking machines (ABMs) 285 million transactions in 2006 Interac Direct Payment (IDP) cardholders can access their accounts to pay for purchases using their debit card 3.3 billion transactions in 2006

    16. Interac Services E-mail money transfer (Certapay) 6 participants (BMO, Scotiabank, RBC, TD, Credit Union Central) Login to online banking Financial Institution authenticates own customers Customer sends Interac e-mail money transfer using only e-mail address E-mail carries the message over the Internet to recipient Recipient answers a question for security from sender Recipient clicks e-mail to login directly to own bank and deposit money in account Banks communicate directly between each other to transfer funds

    17. Interac Services 4. Interac Online Pay for goods and services on Internet At Merchant’s web site, option to pay via Interac Select bank and login directly Bank authenticates own customer Form populated and paid Direct debit to customer’s account Message sent to Merchant to confirm payment No numbers stored at Merchant – no bank information No money transfer to intermediary (e.g. PayPal)

    18. INTERAC Network: Transaction Flow

    19. Interac/Acxsys Technology Inter-Member Network (IMN) software Decentralized architecture Each Direct Connector runs a copy of the IMN software and connects directly with each other In 2002, traditional bilateral communication lines replaced by private IP infrastructure – currently being upgraded to Multi Protocol Label Switching (MPLS) Common communication interface with others Monitoring, measurement and penalties by Interac Three platforms available – IBM, HP, Unix

    20. Contracts – for Debit Card Transactions With Interac: Adherence to Memorandum of Association as Member (counterpart) – adherence to Interac membership rules, regulations, by-laws and standards, e.g. connectivity, colour of keys, security in place to protect PIN IMN Software license with Acxsys if Direct Connector TM license with Acxsys Between Direct and Indirect Connectors Independent of Interac

    21. Contracts (Cont.) Between Issuers and Acquirers (outsourcing) Between Merchants and Acquirers Between Merchants and Connection Service Providers (Indirect Connectors) Between Issuers and Cardholders Between Members and other service providers, e.g. card manufacturing, supply and maintenance Voluntary Canadian Bankers Association Code of Practice for Consumer Debit Card Services

    22. Canadian Payments Association (CPA) Canada’s national payments system encompasses the set of procedures, agreements and rules which guide the clearing, exchange and settlement of payment instruments (i.e. cheques, electronic deposits, debit card transactions) plus the mechanism for effecting settlement This system is operated by the CPA CPA Act stipulates that member financial institutions must belong to one of five classes: Bank of Canada Schedule I and II Chartered Banks Trust and Loan Companies CU Centrals Other deposit taking institutions

    23. CPA (cont.) CPA Rules and standards relating to the transactions passing through shared networks deal with matters such as settlement, security, verification of cardholder, authentication and privacy, all of which provide protection to the consumer CPA Rules bind members and protect safety, soundness, efficiency and privacy of payment transactions CPA Rules for ABMs and POS transactions Rules and standards ensure compatibility among payments services by setting out minimum requirements for items relating to cards, data and message handling CPA also has technical standards which supplement its rules CPA system enables Direct Clearers to enter volume and value information on the items they clear, via computer terminals, at their own data centres at regional settlement points across the country

    24. CPA Players Direct Clearers are those institutions that have settlement accounts at the Bank of Canada and may clear payment items on behalf of other financial institutions known as Indirect Clearers Issuers and Settlement Agents that are Direct Clearers connect to CPA Settlement Agents are CPA members that settle the financial obligations of other members through the CPA’s automated clearing settlement service

    25. Canadian Payments Association (CPA) Settlement of all amounts owing between Issuers Done every evening at the Bank of Canada Bank of Canada is a central network that all Direct Clearers connect into (hub and spoke design)

    26. Credit Card Processing Also hub and spoke design Credit card company (e.g. MasterCard, Visa) is the central clearing and settlement system Merchant’s bank (Acquirer) and Cardholder’s bank (Issuer) each connect to Credit Card network No Bank of Canada connection To be a member of MC or Visa, must be a regulated Financial Institution MasterCard global network has approximately 20 billion transactions annually

    27. Credit Card Processing 4 Party Systems – MasterCard and Visa Cardholders, Issuers, Merchants and Acquirers 3 Party Systems – Amex Cardholders, Merchants, Amex 2 Party Systems – Private label cards Cardholder, Merchant/Financing Company

    28. Anatomy of a 4-Party Credit Card Transaction Merchant swipes card and enters purchase info into POS terminal (supplied by Merchant’s financial institution/Acquirer – also referred to as “Payment Processor”) POS connects to Acquirer’s network which connects to payment network (MC, Visa, etc.) Electronic messages sent across networks to confirm validity of card and availability of funds to cover purchase Merchant receives authentication approval

    29. Anatomy of a 4- Party Credit Card Transaction (cont.) Up to Issuer to flag a problem, e.g. insufficient funds or stolen card In a separate process, funds are transferred from Cardholder’s Issuer to Merchant’s Acquirer (less discount)

    30. Outsourced credit card service providers Provide services to the financial institutions (Acquirers and Issuers) to maintain cardholder accounts, card features and functionality, e.g. airmiles, insurance, cash back, discounts Maintain the records using software Not direct members of MC/Visa, but do have to comply with rules and security obligations, etc. Have access contract with MC/Visa and service contract with Issuer or Acquirer

    31. Contracts – Credit Card Transactions Credit card companies have contracts with Issuers and Acquirers to access card networks Also, Merchant requirements for securing cardholder information Payment Card Industry (PCI) Data Security Standards for storing, processing or transmitting cardholder data Applies to Merchants and solutions providers Compliance and validation/audit

    32. E-Payment Legal Issues Effects of competition in evolving online market Risks of e-commerce e.g. data integrity, reliability, authenticity, authority (source) Liability, e.g. for errors, malfunctions, loss, damage, delays, third party service providers Fraud, e.g. stolen cards, passwords, Merchants, ABMs – chip cards (Canada, Europe, Japan, Hong Kong – not complete in U.S., so fraud moving south) Privacy, security and consumer protection Canadian Bankers Association Code of Practice for Consumer Debit Card Services IP infringement, e.g. patents on networks and processes Compliance with applicable laws, rules, regulations and standards

    33. CHIP (IC) Cards EMVCo LLC was formed in February 1999 by Europay International, MasterCard International and Visa International to manage, maintain and enhance the EMV™ Integrated Circuit Card Specifications for payment systems. EMVCo's primary role is to manage, maintain and enhance the EMV Integrated Circuit Card Specifications to ensure interoperability and acceptance of payment system integrated circuit cards on a worldwide basis. EMVCo is also responsible for type approval processes for terminal compliance testing and Common Core Definitions (CCD) and Common Payment Application (CPA) card compliance testing. These testing processes ensure that a single terminal and card approval process is developed at a level that will allow cross payment system interoperability through compliance with the EMV specifications.

    34. Contract Drafting Tips Contracts between direct and indirect players, subcontractors and outsourcers Need to ensure contract terms are consistent with type of payment system and use consistent terminology Compliance with systems’/associations’ rules, by-laws, regulations, guidelines, policies and standards Confidentiality of network requirements Ability to conduct due diligence, inspection and audits of party and any related/connecting parties Prior consent to and due diligence of subcontractor

    35. Contract Drafting Tips (cont.) Assumption of obligations by third party subcontractor Insolvency protection, disclosure of material changes Rights of immediate termination for non-compliance Officers’ certificate re no knowledge of material risk to security or integrity of services and no current charges against him/her re any form of financial crime Due diligence to include corporate credit checks, individual criminal records checks and verification of processes to ensure compliance with applicable security and technical standards

    36. Conclusion Technology lawyers must understand how the systems work, who the players are and what rules apply to draft appropriate agreements Risks of electronic payments may require creative drafting to fairly allocate the risks of liability Technological innovation will continue to evolve Canada’s e-payment systems and to bring more challenges

    37. This presentation contains statements of general principles and not legal opinions and should not be acted upon without first consulting a lawyer who will provide analysis and advice on a specific matter. Fasken Martineau DuMoulin LLP is a limited liability partnership under the laws of Ontario and includes law corporations.

More Related