I've been trying to figure out how the different companies get together to manage card payments. It's a complicated business, and I’m still learning. Readers, please do comment and correct my understanding.
Fundamentally it seems card payments are fairly simple; what has caused complexity is the way that each role has been split up. So let’s begin at the beginning and take it forward.
The basic ecosystem
Let’s begin with the ‘Four-party Scheme’. This is the basic model for credit and debit card payments:
The Cardholder makes payments.
The Merchant receives payments from the Cardholder.
The Issuer provides banking facilities to the Cardholder. This includes the card itself, along with regular statements and facilities to deal with fraud or card loss.
The Acquirer provides banking acceptance facilities to the Merchant. This includes the hardware and systems to receive payments, fraud detection, and arranging the appropriate net transfer of funds from Issuers.
The names, Issuer and Acquirer, I believe, come from the processing of cheques: before electronic card payments, Issuers would issue cheques; Acquirers would collect and process them. Both will typically be banks.
So, for example, a typical Cardholder might be John Smith. The Merchant might be Jones’ Butcher in Penrith. The Issuer, then, could be John Smith's bank, Barclays, who has supplied him with a debit card. The Acquirer is Jones’ Butcher’s bank - RBS, say.
When John makes a payment to Jones’ Butcher, the transaction generates 'paperwork', which in due course causes funds to move from Barclays to RBS. Nowadays, of course, the paperwork is usually electronic.
However it’s only this simple if there is a direct relationship between the Issuer and the Acquirer. That's fine if there are only a small number of banks involved, but it doesn’t scale. So the next step is to introduce a payment exchange, called a "Scheme".
The scheme acts as a trusted intermediary between Issuers and Acquirers. Examples of schemes are VISA, MasterCard and JCB. Schemes ensure trust between the financial parties involved, define ‘Interchange Fees’ (how much gets paid to the Issuer for each transaction),
and make it possible for any financial institution to exchange payments with any other.
Extending the ecosystem
As payments have become more complex, with Chip'n'PIN or eCommerce (web) facilities required by the Merchants, so providing the payment acceptance part of the Acquirer service has become more complex for the issuers. So there are “Payment Service Providers”
who specialise in that, such as Worldpay, CCBill, or SagePay. They may be employed by the Acquirer, to provide a service for their Merchants; or by the Merchant, to avoid being locked to a specific Acquirer or Scheme.
In addition, the cost to a Merchant of setting up with an Acquirer is quite high; so there are Aggregators, such as Square, iZettle or PayPal, who work with lots of small merchants but only pay the Acquirer costs of a single merchant. Other specialist companies
can provide additional niche services to either Merchants or Acquirers: Fraud detection, Hardware terminals, and Software Providers.
At the Issuer end of the value chain, customers value the association or discounts their favourite Brands can offer in a payment card; the Brands, in turn value the additional engagement with their customers: Virgin, O2, Hilton, Marks&Spencer and hundreds
of others. Most such Brands don’t want to manage payment cards themselves, and employ Programme Managers to provide a ‘white label’ Issuer service for them. For UK prepaid cards such Programme Managers include Prepay Solutions (PPS), Advanced Payment Solutions
(APS) and First Data International.
And of course other companies provide niche services to the Issuers: Creators of Cards, Fraud detection; Call Centres, and more Software Providers.
A word of caution: Please bear in mind that all of these names are just roles: a given organization may provide several of them. For example, American Express acts as Issuer, Scheme, Acquirer, and supplies most of the other roles too. And some business
models involve multiple roles: many prepaid cards, for example, are both Issuer (to make payments) and Acquirer (to support top-ups). Too, there’s no industry standard for any role names except Issuer and Acquirer – I’ve merely used the most common names
Moving to Mobile Payments
Many of the roles are starting to involve a mobile phone app as part of the proposition:
- Issuers provide account management apps, or integrate account management into Brand apps.
- Aggregators use smartphones or pads as the processors for their ‘Point of Sale’ devices.
- Merchants increasingly include payment acceptance functionality into their apps, and look to the Payment Service Providers to facilitate that.
Recently, mobile phones have started to allow the phone to replace the physical card. The business models for these are not yet clear, but the technical mechanisms introduce further players. There are currently two approaches, which I’ll call ‘online’,
and ‘secure-element’ based.
Online Payments require the phone to be connected via broadband to the Issuer service, and use a variety of mechanisms to connect to the merchant. Examples are PayPal, Square, and BankInter of Spain (NFC payments). These require support only from Software
The alternative requires a ‘Secure Element’ on the phone – an uncrackable processor controlled by a third party: a ‘Secure Element Owner’. This might be a Phone Manufacturer such as Samsung; or it can be a ‘Network Operator’, such as Vodafone, EE, or a
‘Carrier’ in the ISIS consortium), with support from TSM Providers, SIM Providers and Software Providers.
And that’s it! A full ecosystem.