Building Consumer Protection in Open Banking Payments

Written by Andria Evripidou · April 6th, 2021

Security and protection are the building blocks in creating trust when making a payment. Open Banking payments are no different and require both the highest security standards and an additional layer of protection from financial providers, in order for consumers to build confidence in using these payment services. It is widely accepted and proven that Open Banking payments are secure. Your details, the transaction information and your purchase data are all encrypted and secure - take a look at our blog post ‘Is Open Banking safe?’ to find out more. But what about consumer rights? And what happens when a ‘payment goes wrong’? This is exactly the topic we are exploring in this discussion and offer some suggestions on how to take advantage of the consumer protection mechanisms that are built into Open Banking Payments.

A lot has been said about the availability of buyer protection measures in interbank payments including the recent consultation by the Payment Systems Regulator. The first point to note is that consumer protection is very different from buyer protection. The distinction between the two types of protection is important in providing the context around what Open Banking can and cannot do for its users.

Buyer protection: Imagine you went online and bought a brand new laptop. When the laptop arrives you realise that its battery won’t charge. You have a right to receive a refund from the merchant or request a new laptop from the merchant.

Buyer protection applies to all purchases regardless of the payment method used. Even when paying by cash, buyers are entitled to a certain set of rights and can address any concerns to Citizens advice. The focus of this article is on consumer protection in payments and what the financial institutions offering payment services can and should do to protect your transactions.

Consumer protection: Now imagine the same scenario but as you were making the payment a hacker tried to intercept your details. It is the responsibility of your account provider to ensure that all your financial details are secure or protected. It is also their responsibility to process the refund discussed in the previous scenario.

Consumer protection in Open Banking today

In the UK, interbank (account-to-account) payments have increased significantly since the introduction of Open Banking that allows users to initiate payments with more ease and less friction. Naturally, given the ease and simplicity of the payment, the question then arises, would I still be protected if the payment goes wrong? In short, yes!

Firstly, consumers are always protected when a payment goes wrong under the Payment Services Regulations 2017 (PSRs), regardless of whether they paid by bank or by card. The PSRs provide legal protections for wrongly executed payments regardless of payment type. The customer is always entitled to a refund by their bank if ‘something has gone wrong with the payment’ and it was the bank’s fault (for the lawyers in the room, see Regulation 91 of the PSRs 2017). Under the same legislation, in a scenario where funds are misdirected, the merchant’s payment service provider (aka their bank or account provider) must cooperate with the payer’s payment service provider in its efforts to recover the funds, in particular by providing to the payer’s payment service provider all relevant information for the collection of funds.

Looking beyond the primary legislation itself, there are a number of escalation mechanisms that are available to consumers when something goes wrong with their payments, again regardless of whether they paid by bank, Open Banking or card. Firstly, their account provider, by law, needs to have in place a complaint and dispute resolution mechanism to support customers who are unsatisfied with the services they have received. In addition, the Financial Ombudsman Scheme is always available where a consumer or micro-enterprise wishes to escalate a complaint about a payment service.

It is clear that there is a strong and effective legal framework to ensure consumers are protected, but what about the industry itself? The Open Banking industry is still in its infancy and the firms providing these services have every incentive to build a trusting relationship with their customers despite the challenges and level of complexity that they face. For example, when making a decision on whether to pay by card or by bank, at this moment in time consumers have to balance the following:

  • the perceived and ingrained protection benefits offered by their card provider - such as a guaranteed and speedy refund.
  • the ease of an Open Banking transaction, with a level of uncertainty on the level of protection they are afforded.

It is against this backdrop that TPPs have gone to great lengths to afford the same level or greater protection to their consumers even when it is not within their remit or required by legislation. We have seen a great change in the way that consumer complaints are dealt with in this space. From round the clock dedicated support teams to continuously reduced waiting times for issues to be fixed. In some instances where a payment was initiated using Open Banking, Payment Initiation Service Providers (PISPs) would even take a step further and provide refunds directly to a consumer, and take the risk of being reimbursed subsequently by the merchant (with which they may have a commercial arrangement).

Finally, technology has an important role to play in protecting consumers that use Open Banking. As this industry is still relatively new, firms have the ability to use the latest available technology, harness the power of data and are not hindered by legacy IT infrastructure in delivering their services. As such, they are arguably far better placed to identify instances of fraud or fix other issues that may compromise the integrity or completion of a payment transaction.

Consumer Protection in Open Banking tomorrow

With all the available evidence, it is clear that paying by Open Banking offers at least the same consumer protection as paying through other payment methods, noting that Open Banking is effectively an easier way of initiating interbank payments. Can more be done going forward to strengthen this position?

As with anything, there are always areas that can be strengthened. However, it is important that the proportionality of any additional measures is taken into consideration. From our experience we can say that the instances where consumers suffered harm as a result of lack of consumer protection in Open Banking were minimal - even when taking into account the considerably smaller volume of transactions initiated through Open Banking. Additional measures would be hard to justify and potentially increase costs for a nascent and fragile industry that is doing its best to protect consumers. On the one hand, Open Banking payments are not funded by interchange fees in the same way as card payments are and increasing charges for such payments will make them unappealing from a commercial perspective leading merchants to stop offering them. Finally, Open Banking is simply a way of initiating an interbank payment which means that it benefits from the existing protection measures of such payments. Ultimately, a move towards more (expensive) protection will hinder innovation for marginal improvements in consumer protection.

There is however one potential development that could support confidence in the entire Open Banking ecosystem: extending Confirmation of Payee (CoP) to Open Banking peer-to-peer payments. CoP is a name checking service that checks whether the name provided by a payer when initiating a payment to a new payee, matches their sort code and account number. If the details do not match then the consumer is issued with a warning that they may be sending money to the wrong or a fraudulent account. This mechanism helps reduce the level of fraud in interbank payments but currently is only available to banks and other account providers. It would be a reasonable extension to enable this additional layer of fraud protection for peer-to-peer Open Banking payments given that they are already provided when making interbank transactions. When it comes to merchant payments, CoP should be set aside due to commercial contracts that populate account details automatically, meaning CoP would only add friction. Regulatory bodies are currently considering its extension to peer-to-peer Open Banking payments.

Such a step would be a massive leap forward as it would support all industry players in protecting their customers, thus building more trust in the ecosystem and promoting accelerated Open Banking adoption.

What are you going to build today?