More than once in recent weeks I’ve had people ask why I am interested in digital currency, account-to-account transfers and decentralised finance. They’ve said something along the lines of “payments work well” or possibly even “the payments sector is cost-effective and provides excellent value for money”. I am unconvinced. Here are my last three payments. You can judge whether you think that the payments industry is working well or not.
Faster And Slower Payments
First, I needed to send some money to a friend of mine (who I have sent money to before) so I decided to use instant payments (or what we in the UK called “faster payments”, although faster than what is never specified). I opened up my bank app and entered his account details. The confirmation of payee came back good, so I pressed the send button. I was just about to text him and tell him that I’d sent the money when a message from the bank popped up to tell me that they would be carrying out security checks so that my payment might be delayed. They said that they “usually” finish the checks and send the money within four hours, although it might take until the end of the next working day. (In fact they called me after about three hours to complete the security checks and allow the transfer.)
(Welcome to the SPS, the Slower Payment System. Colour me sceptical as to whether this wil reduce fraud, because when the bank phones to ask “are you sure this isn’t a fraud”, the customer has already been convinced that she really loves him, that the Rolls Royce is really only £1,000 or that they really are helping Scotland Yard to catch a gang of international money-laundering drug dealers, or whatever.)
For my second payment, I needed to pay a bill. I’d forgotten about it and the business concerned sent me a polite reminder letter with a link to their payment portal. It was quite straightforward: I just clicked on the link, typed in my name and address, and date of birth, and chose the name of the business from a pop up menu, entered the invoice number and the account number from the letter then entered my card number, expiration date and CVV. Simple. In no more than five or ten minutes I was done.
Finally, I needed to pay a medical bill from a surgeon. I found the sort code and account number from the e-mail I’d been sent, which bothered me because the email was not encrypted or signed, so there may have been a business e-mail compromise (BEC) fraud underway. I phoned up to check that these were the right bank details. I was assured that they were and I entered them, got a red message that the details did not match, went back and double checked and realised that I’d typed in the account number incorrectly, re-entered it and then got confirmation of payee and told the bank to send the money. Then I had to go and find my wallet to enter my debit card number, expiration date and CVV. Fortuantely the bank considers people in the medical profession much less of risk than my friend and so there was no security check, even though I’d never sent money to this particulr professional before.
In every case, the payment was time-consuming, inconvenient and error prone.
Layer 2
What should have happened, in every case, is that I should have recieved a request-to-pay (R2P). That is, the person requesting the money should have used their accounts package or banking app or Shopify or whatever to generate a request for funds that would come through a standard service to my designated R2P app (for most people this would I’m sure be their mobile banking app) and then with a single biometric authentication either paid, refused or delayed the request. End of. No typing and retyping, no security checks, no using cards for confirmation.
All of the security and privacy infrastructure that is needed to make this work safely and efficiently would then be hidden from view and it would be the infrastructure, not the customer, that had to check the bank details, the digital signatures on the encrypted invoices and the credentials of the recipients (eg, IS-A-DOCTOR, HAS-REAL-ESTATE-LICENCE and so on).
With a financial infrastructure like this in place, my friend would send his request for payment, the bank would check the digital signatures on the request and do their security checks before before the request ever shows up in my app. When the business sends me the invoice to pay, I will never see it unless the bank has already verified that the request comes from an authorised officer at a legitmate business.
Layer 2
Account-to-account payments are growing everywhere. I think Brad Goad, Chief Revenue Officer for Matera, a Brazilian bank tech company that offers instant payment software, is right to say that merchants will drive the adoption because “they have the most to gain” from a more streamlined payment system (and you can see from Visa and Mastercard announcements and acquisitions that they think this too). Data Bridge Research predict that instant payments will account for one in three of all consumer transactions globally by 2029 but that won’t happen unless we can up take a big step forward in security, privacy, convenience and capability for A2A transactions: we need a Layer 2.
We know what it is. R2P and its cousin VRP (variable recurring payment) are the desperately needed Layer 2 for payments and, frankly, we should be moving to a point where they are how consumers interact with the infrastructure by default. No more sending money to someone without a payment request unless you want it to be a surprise gift!
