Why card rails ensures the continued growth of card issuers despite new non-card digital payments systems gaining ground

This month I decided to take a look at threats to the card issuers’ dominance of the payments landscape and explore why the numbers of transactions underpinned by card rails still continues to rise.

Global rise of digital wallets

Anyone in the payments world cannot fail to spot the rise of digital wallet-based paying. In the UK alone in 2023 ￡72.5 billion of leisure, retail and hospitality spending went through digital wallets. E-wallets now account for 17 per cent of UK transactions in these markets and rising. According to Retail Economics by 2033 e-wallets’ share of UK transactions will more than double to 39.7 per cent, or ￡210 billion.

Transaction volume of M-Pesa – one of the largest mobile money e-wallet services in Africa – has also seen unrelenting growth in recent years and is now responsible for 26 billion transactions (in the year to 31 March 2023). M-Pesa, which is run by Vodafone and Kenyan telecommunications provider Safaricom, provides payment and financial services even if a customer has no access to a bank account or smart phone. Payments can be completed on a feature phone using the messaging protocol USSD (Unstructured Supplementary Service Data).

Perhaps the most successful adoption growth curve for e-wallets has been in China which seemed to skip an evolutionary payments step by moving from cash dominated transacting straight to rapid and enthusiastic e-wallet adoption. In 2023,?wallet offerings Alipay?and?WeChat Pay?dominated the Chinese digital payments market - nearly 90 per cent of China’s online payment users used one or other of these platforms in the last 12 months.?

Then there is the rise of the ‘super apps’ like Grab which are a strong competitor to Uber throughout South East Asia. Grab offers GrabPay which is its own wallet offering for buying Grab rides, take away food deliveries and more. GrabPay reported revenue of $653 million in the fourth quarter of 2023 as this NASDAQ-listed business continues to grow like topsy. GrabPay is now the most popular e-wallet where I live in Singapore – it has a 35.3 per cent market share here.

Account-to-Account payments also on the rise

Account-to-Account (A2A) payments are another growing area which, on the face of it, seem to threaten the dominance of card-based paying. A2A systems offer to move money directly from a payer’s bank account to a payee’s bank account without the need for intermediaries, such as credit or debit cards.

However, for retail transactions there are currently limited options for using A2A payments. Some providers have started offering A2A payment systems for some online stores. This has been helped by the introduction of open banking, which allows people and businesses to link their accounts with a third party offering payment services – providing a secure and cost-effective open banking can facilitate account-to-account payments for retail transactions and compete with card systems. These A2A offerings are multi-bank and in some cases they identify the bank account for receipt of the money via a mobile phone number rather than the account itself (which often remains hidden from the payer). This feels like an additional layer of security there.

However, as of today, if it turns out you have paid the wrong person - perhaps you got one digit wrong in the mobile number or you were scammed - you cannot reverse or nullify a A2A transaction. You can go to your bank and ask for them to work with the payee to recover the money. However, if he or she has already spent it then there is no simple protocol for redress.

In A2A, unwinding a transaction cannot be assured, unlike for card rails-based payments which have built in protocols for cancelling or even reversing a transaction before any money moves – either for a technical reason (e.g. the network went down midway through), or by the merchant to correct an error by the merchant, such as mistyping the transaction value.

Closed loop versus open loop payments

Closed loop e-wallets enable you to move money from one e-wallet to another. However, they offer clear limitations when it comes to transacting across country borders (in Europe, Asia and elsewhere). This is because closed loop operators tend to be nationally orientated, rather than global. The standards and communications protocols they use for transacting very often do not work as soon as you cross a border or move to a different mobile operator.

By contrast, GrabPay (like the majority of e-wallet market players today) relies on linkage to your credit or debit card for top ups prior to payments. In the jargon, it is an open loop e-wallet. According to recent market data, open-loop e-wallets account for approximately 60 per cent of the total e-wallet market in terms of both active wallets and volume of transactions. Apple Pay and Google Pay are the largest players in the open-loop e-wallet market, accounting for about 20 per cent and 30 per cent respectively in terms of active wallets and volume of transactions.

So, in fact six out of every 10 digital wallet-initiated transactions are enabled by card rails in the background and use the payments infrastructure that is regulated by the Payment Card Industry Data Security Standard (PCI-DSS) and secured using EMV, the ubiquitous payment method based on a technical standard for smart payment cards, payment terminals and ATMs which can accept them.

Card based transactions and card numbers are also continuing to grow rapidly

Herein lies a clue to the continue inexorable rise in the use of card-based payments even as e-wallet transacting sees major growth. The card issuers enable a big piece of the e-wallet market as well!

It perhaps explains why approximately?5.3 billion active credit cards and?over 12 billion debit cards were in circulation worldwide by the end of last year - and these number just keep on rising! The monthly total value of transactions on UK-issued debit and credit cards increased by 13 per cent in the last year – rising from ￡73.9 million in January 2022 to ￡83.5 billion in January 2023. Globally, some 70 per cent of the $1.3 trillion of transactions in 2023 were still made using credit and debit cards, or cheques.

7 reasons why credit and debit card transacting is still growing strongly

1.Card Rails (the technology behind card transactions) is natively open loop:

In other words, if you have an AMEX, Discover, Mastercard or VISA debit or credit card you know you have the means to make payments all over the world, regardless of the consumer or merchant’s business or personal bank account and regardless of where that bank is based.

2. Customer experience is uniform

The customer experience, when paying with a debit or credit card, is uniform all over the world. So, even if the POS terminal is giving instructions in German or Chinese, most consumers can navigate pre-authorisation, tap to pay and/or PIN entry payment, often with the additional option to pay in the local currency or your home country’s currency, without even referring back to the merchant. The screens and layouts are extremely familiar, even if the language is not.

3. Card transactions are ubiquitous, versatile and extensible

It is worth remembering that pre-paid cards, as well as Mastercard, AMEX, Discover and VISA debit and credit cards, all run on the same card rails.

Even country-specific cards like Elo in Brazil, EFTPOS in Australia, and Rupay in India are built upon EMV standards developed decades ago. Mypinpad supports and enables transactions using all these cards and many more national players many of you will not have heard of. Card rails are ubiquitous and are in wide use globally.

4. Card rails has proven massive scalability and resilience

I gave you the numbers of debit and credit cards in use around the world. It is anticipated that before the end of this decade there is likely to rise further to more than 20 billion. That’ll be 2.5 bank cards for every man, woman and child on earth today. VISA and Mastercard are processing thousands of transactions every second of every day. The processing of these transactions is naturally distributed. All the issuers are effectively bearing the load together and contributing towards the maintenance of high levels of resilience in the global system. One issuer in one country may go down for a time but it never brings the whole system down.

However, if you have all your travel money stored in your e-wallet and that wallet’s technology platform fails, you have a big problem. By contrast, if your Mastercard debit card fails while you are trying to pay for your hotel bill abroad, you can always pull out a second card, perhaps a VISA credit card, and pay the bill with that.

5. New chip-based cards have tightened security at the hardware level

Chips on bank cards have very secure and widely understood rules which govern the interactions with those chips at a hardware level. Any security system which has a hardware as well as a software element to it, is always going to be more secure than a software-only solution.

Cards’ chip technology offers an additional authentication and encryption layer. The largest security element is that it ensures that it has not been cloned. It verifies that it is the original card and that the person using it is authorised to use it, whether authenticated via a PIN or not. Much like a well specified safe, if you attempt to break into that chip (to get into the keys inside it), you will destroy the card – making it impossible to read successfully.

6. Liability is well understood

When doing a card present transaction (i.e. using the physical card), the bearer of the liability and risk of fraud is well understood and agreed between all the parties involved, be they acquiring banks or issuers in various countries or national regulators.? If you do a chip-and-PIN transaction, liability passes to the cardholder for example, while in other cases the merchant carries that fraud risk.? Knowing who is liable when and where is vital especially with cross-border transactions.

7. Multi-layered payment terminal security

Even Mypinpad, which is a SoftPOS solution, uses the hardware security standard provided by both PCI and EMV for processing payments via terminals. So called PCI-PTS rules govern these terminal security requirements and ensure that this hardware is secure. EMV meanwhile certifies that vendors of all new payment terminals are interacting with all available cards in conformance with strict security standards at the hardware level.

There are three different levels to EMV certification to consider. Level 1 covers interaction with the chip and ensuring the NFC capability is working properly for tap to pay. Level 2 covers certification of the embedded logic kernels. For example, Mypinpad builds contactless kernels which have to pass EMV Level 2 Certification before being offered to our customers. Level 3 covers how the terminals interact with the network and that is done per scheme. Each issuer has slightly different requirements at this level. We build kernels for multiple schemes including the international ones (Visa, Mastercard, Amex etc) as well as local schemes (Rupay, EFTPOS, Elo etc).

Card rails - which is the umbrella term for all this EMV and PCI-regulated security technology - is the pre-requisite. So, all terminals must be set up in a prescribed and highly secure manner. That’s why what we do is so difficult: we have to comply with multiple layers of security and compliance standards whilst also ensuring the customer experience remains familiar and easy wherever you are in the world. The trick is to do the application of card rails security systems very efficiently in order to avoid compromising customer experience.

SoftPOS built on card rails ensures seamless & ubiquitous user experience globally

In summary, we’ve analysed that the hardware and software-based security standards governed by PCI and, in some cases certified by EMV, collectively called ‘card rails’; provide an exceptionally mature, multi-layered security infrastructure designed to protect both customers and merchants alike. That infrastructure enables us all to transact in a seamless and increasingly contactless manner in the blink of an eye, while giving us the peace of mind that if something goes wrong we can get our money back and start again.

Card rails provide the security standards upon which SoftPOS providers like Mypinpad must enable that rapid, familiar and frictionless customer experience when consumers reach a merchant’s card terminal. It is our job to make sure that there is no faffing, no fiddling with your mobile device and no delay in completing every digital transaction. User experience at the terminal, increasingly enabled by a personal mobile device, is at the heart of card schemes’ continued and growing appeal.

We’ve learnt that the world has spoken and open loop payment systems are what consumers want, whether that’s via physical cards, or open-loop e-wallets which still rely on card rails.