There are a wide range of issues caused by the processes which online payments currently use. Any system that attempts to solve these issues must have certain features. There already exist alternative payment systems that implement these features but because of the need to avoid existing financial infrastructure they suffer from other problems that inhibit large scale adoption. There are, however, some promising changes in the Australia national settlement service that suggest another way.

Issues with current online payments


The principal issue with online payment systems is that they are dominated by "card networks", e.g. Visa and Mastercard. These card networks act as intermediatories between national settlement services (like Australia's RITS) and banks. The market for processing an online payment is an oligopoly consisting, in Australia at least, of Visa and Mastercard. There are other ways to accept and process payments online, e.g. direct transfers, B-Pay and Poli, but they have very small market share.

This oligopoly has stiffled inovation and artificially inflated fees. This has been such a pressing issue that the RBA has had a number of reviews of the card payment system is Australia. You can take a look here and here. One of the reasons for the New Payment Platform is a desire to introduce additional competition and, in particular, reduce interchange fees.

Outdated process

Visa was founded in 1958. Mastercard was founded in 1966. The processes by which a credit card payment is settled have been updated over time but their core has not changed. These processes assume that merchants should be responsible for;

  1. determining if the customer has enough money, and,
  2. removing money from the customers account.
Implicit here is a separation the person that authorises a payment from the person to enacts the payment.

Contrast this with a cash payment where proof of sufficient money is demonstrated by the customer (can they give the merchant enough cash) and responsibility for moving money also lies with the customer (the act of actually handing the money to the merchant).

This separation has big implications:

  1. Inherent vulnerability

    Merchants must be able to use a credit card number to request money from a customers account. In the best case this request should also be accompanied with some indication that the customer has approved this removal of money. Such an approval is virtually impossible for card not present transactions. It is no surprise then that card not present transactions made up 78% of all card fraud in Australian in 2016 and that that figure is growing. The truth is that until card not present transactions are no longer allowed there is no way to prevent credit card fraud. Such transactions, however, are absolutely necessary when buying things online. The APCA published details of payment fraud in Australia. Card fraud in 2016 was $534 million and has been, since 2012, at around 10%.

    There are techniques that help to reduce the rate of fraud but they either can't protect against all types (e.g. pins) or require significant effort on the part of both merchants and customers (e.g. Paypal).

    Ultimately what is needed to remove this vulnerability is a system in which financial details cannot be used as a way to gain access to money. This requires all movements of money to have been explicitly authorised by the customer. This does not prevent all types of fraud as an identity thief maybe able to fraudulently authorise a transaction. It will, however significantly reduce the rate of fraud as identity theft makes up less than 1% of all card fraud in Australia.

  2. Inherent complexity

    There are too many banks for each merchant to be in contact with each bank and, similarly, too many merchants for each bank to contact. Thus this system requires intermediaries, the card networks, to work. This makes the system more complex than it needs to be.

    Due to a failure to get clear authorisation for transactions from customers (for certain types of transactions) processes must exist which allow merchants and customers to dispute and resolve disagreements.

    The inherent vulnerabilities mentioned above require card networks and banks to manage, mitigated and insure against the costs of fraud. This introduces additional layers of complexity.

Too expensive

Compare the cost of handling cash to the cost of taking a credit card payment. Ignoring issues with fraud, the costs to handle, store and move cash to and from a bank are very small. The costs are sufficiently small that almost everyone is willing to accept cash as payment and this can be done by everyone.

Taking a credit card or online payment requires specialised software or hardware. This costs money how much depends on a wide range of factors including turnover, physical vs online sales, the denominations of the sale and sometimes even the type of organisation making / receiving the transaction.

Typically, to take a credit card a payment a merchant will pay a percentage of each transaction to their bank or payment provider. This transaction fee is divided amongst the card network, national settlement service and banks involved in the transaction. Fees are typically around 1% to 2% for physical stores with large regular turnover. For online stores the transaction fee is usually between 2% and 5%, but for some market places the fee can be very high. Apple's app store takes 30%.

The costs do not need to be this high. The low value settlement service (a national settlement service focussing on retail) charges $0.10 / $1 million. That's a transaction fee of 0.00000001%. This fee is not designed to make a profit, nor does it include true costs for support as only financial institutions with ES accounts have access to the system. Never-the-less the fee is 10 million orders of magnitude different from retail transactions fee. There is obviously scope for a cheaper system.

What should a replacement look like?

Ideally any replacement, or supplement, for current online purchases should require that the consumer be responsible for both authorising a payment and moving money. This could be further extended to a system in which it is never possible to request funds from someone else. For this to work such a system must be able to report, in real time, to the merchant when they have received payment. This would have to occur reliably in less than a second.

It is important for users to have a method of authorising and settling a payment that is separate from the merchants as this strengthens security and lessens the need for trust, e.g. helping to reduce card skimming. Similarly merchants will need a way of being notified that a payment for a specific transaction has been performed. Thus a merchant must be able to summarise a transaction in some way and be able to pass this summary on to the customer who then confirms that they want to make this transaction. The technology to do this is already being used by AliPay and by some Bitcoin payment providers. It is reliant on the assumption that all people carry a smartphone - or at least some device capable of OCR or bar code reading.

The process for this is as follows:

  1. The customer indicates that that want to purchase some collection of goods or services.
  2. The merchant provides a code that can be used to access a description of the transaction, the amount of the transaction, and the merchants account.
  3. The customer uses this code to review the transaction information and either approves ore rejects it.
  4. If the customer approves, then the full amount of the transaction is transferred into the merchants account in real time.
  5. The merchant receives confirmation of payment along with the transaction code and provides goods / services.

How can this process be implemented

Both customers and merchants require someway to summarise the data of a transaction, easily transfer that summary and access the data using the summary. There also needs to be a third system which enacts the actual transfer of funds.

There are a huge variety of ways to do all three things. In a sense Bitcoin (and other digital currency) as well as companies like Digi.Cash and projects like GNU Taler are already offering the process outlined above.

In all three cases these companies offer alternate currencies to pay for goods. A user of their services must first buy the appropriate "coin" or transfer money from an existing bank into an account managed by, Bitcoin, Digi.Cash, GNU Taler and so on.

This is done to avoid using current financial infrastructure. This was an unfortunate necessary evil due to the reasons outlines above as well as certain very high barriers to entry (e.g. the vast capital required for an ES account). But there are significant downsides to this;

  • The network effect. People will only use a payment method if they can buy goods with that method and merchants won't invest time to provide a method if people arn't using it.
  • High costs of user acquisition. To use the systems users need to make an account and transfer money which can take considerable time. In some cases either management of the account must be outsourced to a third party or substantial information about how to manage accounts must be learnt
  • Trust in the system. Users must have trust that the company / algorithm behind the implementation will work as intended.
  • Walled garden. Conventional currencies must be converted into the currency of the alternative system. Typically there is a high cost to this, if not financially then in terms of time taken.
  • Splintering of payment products. Due to the network effect splintering of alternate payment products (e.g. the plethora of digital currencies available) weakens each participant.
  • Practical matters. Will the users security, privacy and anonymity be protected? How much trust can merchants have that fraud is impossible / very difficult? How long must users wait for a transfer to occur or to trust that a transfer has occurred? How much technical knowledge is required of users to operate the system? How to cope with volatile exchange rates and large inflatory pressures?

Things are changing, however, and it may no longer be the case that new methods of payment have to avoid current financial infrastructure Settlement services like FAST and NPP provide the possibility of instant settlement of transfers between commercial banks. By accessing this infrastructure a new method for online payments could remove the need to operate as a walled garden separate from the existing financial system. There are, never-the-less, still substantial barriers to entry to use such settlement services. If regulations for such services are the same as existing settlement services in Australia then it is likely that partnership with existing banks will be needed.

The use of real time national settlement is likely to reduce the cost of user acquisition and the network effect. In Australia the NPP is claimed to allow addressing of accounts by phone numbers and email addresses. A new payment method could be reduced to passing messages to the national settlement service to transfer money between accounts addressed in this way.

To address trust and splintering of payment products either a dominate bank, a consortium of banks or the reserve bank it self could provide the basic IT infrastructure needed. Users could opt to access this basic IT infrastructure directly or use a third party who may provide additional services. In this way a form of "online cash" could be used that would avoid current issues with alternative payment methods.