By Jane Kaufman Winn †
ABSTRACT
This article equates the providers of traditional electronic payment services with the Titans of Greek mythology, and the providers of new electronic payment technologies with the Olympians. Professor Winn concludes, however, that unlike the Titans of Greek mythology, these modern Titans appear to be winning in their battle with the upstart Olympians.
This article describes the fundamental characteristics of payment systems, reviews the applicable law, and describes the new technologies that were, until quite recently, expected to displace older electronic payment systems. Professor Winn finds that consumers and merchants, by and large, are happy with the existing regulatory structure. And, because of the failure of new technologies to gain significant market share yet, regulators have not yet been obliged to revise existing regulations to take account of these new technologies.
TABLE OF CONTENTS
I. INTRODUCTION: CLASH OF THE TITANS 676
II. CHARACTERISTICS OF PAYMENT SYSTEMS 678
A. LIQUIDITY 678
B. FINALITY 679
C. TRANSACTION RISK 680
D. SYSTEMIC RISK 680
III. TRADITIONAL PAYMENT
SYSTEMS: THE
TITANS 682
A. CHECK CLEARING 682
B. WHOLESALE FUNDS TRANSFERS 684
C. CREDIT CARDS 686
D. CONSUMER FUNDS TRANSFERS 688
E. SECURE ELECTRONIC TRANSACTIONS ("SET") 689
IV. PAST FAILURES:
THE FIRST OLYMPIAN
ASSAULT 691
A. EARLY FATALITIES: FIRST VIRTUAL AND DIGICASH 691
B. WALKING WOUNDED: MILLICENT, CYBERCOIN, MONDEX 693
V. THROUGH A GLASS DARKLY:
THE NEXT GENERATION
OF ELECTRONIC PAYMENT
SYSTEMS 695
A. SECURE SOCKETS LAYER ("SSL") 695
B. E-CHECK 697
C. INSTABUY 698
D. PORTALS 699
E. NACHA 699
F. WHAT THE FUTURE HOLDS 700
VI. INTERESTS OF STAKEHOLDERS
AND GATEKEEPERS IN ELECTRONIC
PAYMENT SYSTEMS 702
A. STAKEHOLDER INTERESTS 703
B. GATEKEEPER INTERESTS 704
VII. CONCLUSION 708
Banks are dinosaurs. We can bypass them.
- Bill Gates1
The reports of my death are greatly exaggerated.
- Mark Twain2
I. Introduction: Clash of the Titans
One Greek myth tells the tale of an earlier generation of gods, the
Titans, who fought with a later generation of gods, the Olympians, for sovereignty
over the earth.3
The Titans were the offspring of Uranus, the sky, and Mother Earth. The Olympian
gods were the children of Cronus, the king of the Titans. Mother Earth had helped
Cronus overthrow his father and seize power. Cronus feared that one of his own
sons would likewise dethrone him, so he swallowed each of his own children as
soon as they were born. It was not until the sixth child, Zeus, was born that
Cronus's wife, the Titaness Rhea, conspired with Mother Earth to find a way
to save the child from his father. When Zeus was grown, with the help of his
mother and his wife, he tricked Cronus into drinking an emetic potion, causing
him to vomit up his first five children. They were now fully grown, and these
Olympian gods joined Zeus in his battle to wrest control of the earth from Cronus
and the Titans. The Olympians and Titans fought bitterly for ten years, but
the Olympian gods finally won, as had been prophesied by Mother Earth.
The explosive impact of new communications and
information processing technology in recent years has triggered a conflict for
market dominance between established and emerging players that resembles the
clash of the Titans and the Olympians in sound and fury, if not in cosmic relevance.
In the marketplace for electronic payment services, the Titans are played by
the regulated financial institutions and the Olympians are played by the emerging
payment technology start-ups. The role of Mother Earth is played by consumers,
who have not yet made the decision to throw out the Titans and bring in the
Olympians. As a result, regulators have no clear mandate. Rather, they face
the ambiguous and complex task of maintaining the efficacy of existing regulatory
efforts in the face of changing circumstances while not discriminating unfairly
between either Titans or Olympians.
In the first round of the struggle for dominance in the market for payment
services supporting Internet-based commerce, the Titans have emerged victorious
while the Olympians are in full retreat. While only a few years ago, it appeared
that systems built to leverage new global electronic networks such as the Internet
might sweep away the cumbersome older generation of electronic payment systems,
this has not proven to be the case.4
Consumers have shown a profound lack of interest in the radically new electronic
payment systems developed by the Olympians. U.S. consumers actually seem quite
happy with the range of electronic payment options currently available. As long
as the Olympians continue to neglect the interests of the consumers and other
stakeholders in emerging electronic commerce markets, the less novel, but more
serviceable, offerings of the Titans will continue to prevail in the market
for electronic payment services.
The Olympians may yet be gearing up for a second assault. This wave, though,
may focus on utilizing the existing Titan infrastructure through new, Olympian
interfaces. As a countermeasure, the Titans may harness Olympian technology.
Regardless of the outcome of this battle, the future seems to be one of hybrid
systems, where Titan infrastructure is accessed via Olympian technology.
II. Characteristics of Payment Systems
Payments are a specialized subset of commercial transactions. Payment
systems promote commerce by transferring value quickly and effectively and by
imposing a minimum of additional costs or risks on the transacting parties.
Payment services support transactions in goods and other services as well as
transfers of value between financial institutions and their customers. Payment
systems operate at the short-term end of the spectrum for financial services,
providing rapid and certain transfers of value. They must be efficient, pervasive,
and trustworthy in order to minimize the costs that the payment function adds.
Any new electronic payment system technologies must not only offer innovative
features, they must continue to meet these basic requirements. A payment system
can be described in terms of liquidity, finality, transaction risk and systemic
risk.
Liquidity is commonly defined as the ease with which an asset can be
bought or sold for money.5
With the exception of the FedWire,6
electronic payment systems are not themselves money, but represent a private
substitute for money that is acceptable to the transactors. A private payment
system substitute for legal tender has liquidity if other types of assets can
be converted into and out of that payment medium without causing significant
distortions in the market value of the asset solely attributable to the choice
of payment device. This type of payment device liquidity can be achieved when
there is a sufficiently large number of transactors in the market and transactors
can settle transactions in the payment device without making major modifications
in other terms of the transaction in order to do so.
Payment systems differ widely in the degree of finality associated
with their use. Final payment is the moment when the payment may no longer be
revoked.7
The rules governing finality of a particular payment device must be clear and
universally applied in order to minimize the transaction costs associated with
the choice of the payment device. Certainty about the degree of finality, whether
great or small, is an essential element of established payment systems.8
Although the importance of finality of payments is obvious when payment transactions
are viewed in aggregate as a payment system, rules governing finality may be
difficult to enforce in practice because of competing concerns at the level
of individual transactions. A payer will normally prefer less finality because
it can enjoy the float while the payment is processed, and it can reverse payment
in the event of a dispute with the payee.9
Merchants obviously prefer a system with more finality, as it gives the merchant
the benefit of the float and reduces the risk that settlement will be revoked
once made.10
In addition, the party providing the payment service may wish to make exceptions
to finality rules for established clients or in other hard cases.11
Thus, unless supported by clear legal rules that leave parties little room for
discretion, finality of payment will be difficult to enforce consistently and
fairly.12
When payment is not in the form of a proffer of legal tender, there
is an element of credit risk for the party accepting the payment. Even with
a payment of legal tender, there is a risk of error in processing the transaction,
or of fraud such as forgery. Transacting parties make choices about which forms
of payment are acceptable in part based on these transaction risks. Credit cards
may have the lowest form of finality of any major modern form of payment; however,
they also have the lowest credit risk for the merchants accepting them, provided
the merchant obtains prior authorization for a charge. This is because under
credit card system rules, card issuers, not merchants, bear the risk that the
cardholder cannot pay.13
Paper-based payment systems incorporate processes to reduce fraud losses that
historically have kept forgery losses within manageable levels. These include
the use of magnetic ink printing, comparison of signatures with specimen signatures,
and paper stock variations that are hard to reproduce.14
What is recognized as money in modern economies is rarely legal tender.
It is instead a complex fabric of claims on private organizations that circulate
with almost the same degree of acceptance as legal tender. Given the large amount
of payments made in reliance on the creditworthiness of private parties, the
safety and soundness of participants in the payment system is a paramount concern
of regulators. Failure of a major component of the payment system would cause
disruption throughout the economy, imposing unforeseen losses on unprepared
parties. If the failure is large enough to affect liquidity, it could cause
a contraction in the level of economic activity generally. As a result, regulators
must evaluate not only the degree to which participants in the payment system
observe the system rules but also the likelihood that a system participant would
fail to meet its obligations to other system participants. The regulators should
also evaluate whether the system could withstand the failure of a major participant.
There is no major payment system in the U.S. today that is not subject to
a significant level of supervision.15
Radically new payment systems may fall outside the purview of existing payment
system regulations, so they pose a potential threat to the safety and soundness
of existing payment systems if the interface between new and old payment systems
is not managed carefully.16
Furthermore, it is unclear whether regular consumers of regulated financial
services are in a position to understand and evaluate the risks of new payment
systems, even if existing payment services can be sheltered from the risk of
insolvency or illiquidity associated with new payment systems. Because failure
of any payment device widely accepted in the market may impose unacceptable
levels of costs (even on those market participants who did not accept the payment
device directly), the model of self regulation and government restraint advocated
in the Framework for Global Electronic Commerce ("Magaziner Report")17
must be viewed with some skepticism in the context of payment systems.
III. Traditional Payment Systems: The Titans
Consumer payment systems in the U.S. are still dominated by traditional
paper-based services; only a tiny proportion of total payments are currently
electronic. Furthermore, these proportions are expected to change only slowly.
In 1997, paper-based payment systems still dominated the market for consumer
payment services in the U.S.18
Wholly electronic payment systems currently account for a trivially small proportion
of the total market for consumer payment services.19
Banks in the U.S. have been anticipating the advent of the "checkless
society" for decades, hoping to replace expensive check processing services
with more efficient electronic funds transfer services.20
Yet checks remain the largest segment of the U.S. payment system, and the volume
of checks used continues to increase, although the rate of increase is slowing
down. No one anticipates that checks will be displaced by electronic payment
systems as the dominant form of payment in the U.S. in the near future. As long
as checks are the payment device of choice for both consumers and businesses,
regulated financial institutions will have to maintain a considerable investment
in the equipment and services required to process huge numbers of pieces of
paper.
Businesses and consumers remain committed to checks as a payment device because
they are more flexible than electronic payment devices in many respects. Any
name can be written on the payee line of a check, including the name of a complete
stranger. In principle, checks can be written for any amount, no matter how
large or small. The drawer of the check enjoys the float until the check finally
clears, and may stop payment until it does.21
The bank must normally absorb the cost of forged checks, provided the customer
has not contributed to the forgery through his or her negligence.22
Because the volume of data captured during the processing of transactions in
the check collection system is minimal,23
personal data regarding checking account customers and their transactions is
less likely to be exploited for secondary uses than the more substantial personal
data generated or stored in electronic payment systems such as credit card and
debit card systems. Finally, U.S. banks did such a brilliant job of marketing
the canceled check as the best record of a transaction that many bank customers
will not permit their banks to stop sending canceled checks with their monthly
statements. The legacy of this marketing campaign has come back to haunt the
banks as they struggle to wean their customers from their dependence on pieces
of paper in payment transactions. Before U.S. bank customers will willingly
surrender their checking accounts for wholly electronic payment services, they
will have to be persuaded that the newer, more efficient electronic services
offer an equivalent combination of low price, convenience and insurance against
risk of loss.
The development of check guarantee services such as TeleCheck24
have increased the willingness of merchants to accept checks, reducing transaction
risks associated with accepting checks and making checks an even more liquid
payment device for both consumers and businesses. Systemic risks do not normally
arise in the context of the check collection system because of the small average
amount of payments made by checks relative to the net worth of the banks providing
the service and because of the "midnight deadline" rule, which gives
banks more than twenty-four hours to make the decision whether to honor a check25.
The largest segment of the U.S. payment system, when measured by dollar
volume transferred, is the wholesale funds transfer market, which transfers
trillions of dollars a day.26
By contrast, the market for electronic funds transfers by individuals is much
smaller in dollar volume, though the number of individual check and credit card
transactions dwarfs the number of wholesale funds transfers.27
It was in the formation of electronic funds transfer systems that regulated
financial institutions first developed the business processes necessary to support
the secure electronic transmission of customer instructions regarding funds
transfers.28
Although funds transfers conducted over funds transfer facilities maintained
by the Federal Reserve Banks were subject to the regulation of the Federal Reserve
Board, many funds transfers took place over private systems, such as the Clearing
House for Interbank Payment Systems ("CHIPS").29
The entire wholesale funds transfer system was not governed by a clear body
of law until U.C.C. Article 4A was promulgated in 1989 and adopted by the states
shortly thereafter.30
The Article 4A drafting process resulted in many innovations, even though it
drew heavily on the practices that had developed among banks and their customers
during the 15 years before the drafting committee was established. While a consensus
was not easy to achieve, the community of interests shared by both the banks
and their customers permitted the drafting process to find workable compromises
on many thorny issues.31
Wholesale funds transfers in general, and the FedWire system in particular,
are highly liquid payment media with a high degree of payment finality and low
transaction risks. Transfers of funds over the FedWire are irrevocable when
received and settlement is immediate.32
Systemic risk issues are raised when wholesale funds transfers are accomplished
outside the FedWire system, such as through the CHIPS system where net settlement
occurs at the end of the trading day. CHIPS maintains a series of controls to
minimize the risk that one financial institution may fail to settle its obligations
at the end of the trading day, triggering a chain reaction of failures that
could cause the collapse of the national financial system.33
Although U.C.C. Article 4A recognizes the possibility that a funds transfer
system like CHIPS might fail to settle,34
in fact CHIPS has never failed to settle since it began operation in 1972.35
Credit cards are more than simple payment devices-they provide direct
access to a line of credit. While the credit is important in its own right,
it has larger implications as well. The financial institutions that sign up
either cardholders or merchants are functioning as financial intermediaries,
and by providing that intermediating function, minimize the risk to the transacting
parties. The intermediaries charge for these services through a discount rate
charged to merchants and through interest charges and service fees charged to
cardholders. Because the credit card system is a closed system, in which no
one can participate as a cardholder, merchant, card issuer or financial intermediary
without agreeing to be bound by the system rules, the fact that a merchant accepts
credit cards provides consumers with a guarantee of recourse in the event of
a dispute in the underlying transaction. Similarly, the card issuer screens
cardholder's creditworthiness for merchants.
The market for credit cards gained momentum in the 1960s when some major banks
started marketing them aggressively. The banks that were most aggressive sought
to minimize their own risk associated with wholesale distribution of credit
cards through the use of overreaching form contract terms. This lead to a widespread
perception that cardholders needed protections in law. The result was Regulation
Z,36 which
represents a high water mark in U.S. consumer protection law. Regulation Z prohibits
the mailing out of unsolicited credit cards,37
limits cardholder liability for unauthorized transactions that occur before
the card issuer is notified of the problem to a flat $50,38
requires the issuer to send periodic statements to the cardholder and requires
the issuer to provide certain dispute and error resolution services.39
The result of these regulations is that credit cards have less finality than
almost any other payment device.
The Federal Reserve Board has exercised considerable initiative in maintaining
this level of consumer protection in new markets, including mail order and telephone
order ("MOTO") transactions.40
Under Regulation Z, before a card issuer may charge the cardholder for a transaction,
the card issuer is first required to provide a means of identifying the cardholder,
such as a signature, photo, or fingerprint on the card itself.41
In MOTO transactions, which provide the model for Internet retail commerce,
the card is not present for inspection by the merchant. Because one of the conditions
that the card issuer must establish to charge a cardholder cannot be met, the
card issuer may not contest a cardholder's claim that a charge was not authorized.42
The card issuer will not be left with the loss, however, because under the system
rules of the credit card association, the card issuer will be allowed to charge
the transaction back to the merchant who presented it.43
The high level of protections mandated for consumers using the credit card
system, as well as the access to credit and the risk intermediation performed
by the system, help to explain the current dominance of credit cards as the
payment device of choice for retail Internet services. The lack of finality
created by the Regulation Z right to contest charges when the cardholder is
not satisfied with a purchase44
is highly favorable to consumers, as is the right of a consumer to contest a
charge as unauthorized.45
These rules minimize the transaction risks assumed by consumers in Internet
transactions by shifting the risks back onto the merchant, the merchant's bank
or the card issuer. The popularity of credit cards among U.S. consumers creates
liquidity for merchants accepting credit cards as a form of online payment.46
The credit card system provides a form of introduction between two parties who
otherwise may have no way to evaluate each other's bona fides. The sophisticated
security systems that merchants have developed during decades of MOTO transactions
to keep fraud and error losses to a minimum have been transferred to manage
risks with Internet-based commerce. Although credit cards have higher transaction
costs stemming from the lack of finality and come bundled with a paternalistic
risk-management system, these negatives are apparently more than offset by a
larger volume of completed transactions and the significant transaction cost
savings to merchants and consumers who do not have to research each other's
suitability as a counterparty.
Banks and other regulated financial institutions began to offer electronic
funds transfer services to customers through automated teller machines ("ATM")
in the 1970s.47
At the same time, efforts were made to introduce the use of debit cards at point-of-sale
("POS") payment terminals, although these did not capture any significant
market share until the late 1990s.48
Following the controversy associated with the aggressive and irresponsible marketing
of credit cards and the subsequent consumer protection regulations adopted by
the Federal Reserve Board to control those abuses, both consumer protection
advocates and financial service providers approached the question of consumer
protections for ATM card use with definite agendas. The resulting political
confrontation produced the Electronic Fund Transfer Act of 197849
and Regulation E.50
These two provisions strike a different compromise between consumer and financial
institution interests than Regulation Z. The final outcome was a loss allocation
rule that progressively placed more of the risk of loss on the consumer when
the consumer does not promptly notify the financial institution after learning
that the ATM or debit card had been lost. In marked contrast to the flat $50
limit on consumer liability under Regulation Z, Regulation E contemplates that
a consumer who completely fails to notify a financial institution after losing
the card may be exposed to losses without any statutory cap.51
While banks were able to negotiate a lower level of consumer protection for
electronic funds transfers than for credit cards, they later found themselves
under considerable public pressure to waive the benefits of that lower level
of protection. In the late 1990s, banks began aggressively marketing debit cards
as an alternative to credit cards. These cards, marketed with a credit card
brand name, had the same convenience for the consumer as credit cards, but very
different consumer protections. Consumers and consumer advocates were shocked
by the magnitude of the disparity in consumer protection provisions for debit
and credit cards. One fundamental disparity is that while fraud and error losses
in credit card transactions take place, initially, at the card issuer's expense,
while these losses in debit card transactions take place at the cardholder's
expense. The cardholder's account at a financial institution may be depleted
and remain depleted while the financial institution makes a decision whether
or not to recredit its customer's account. In 1997, Visa USA and MasterCard
International announced they would not rely on the full protections accorded
debit card issuers under Regulation E, but would voluntarily narrow the gap
between the treatment of unauthorized or erroneous transactions for debit and
credit cards to bring their business practices more closely in line with consumer
expectations. They agreed to limit consumer liability for unauthorized transactions
to the same $50 that applies to credit cards, and to shorten the time a financial
institution is permitted to make the decision whether to recredit a customer's
account for an allegedly unauthorized withdrawal.52
E. Secure Electronic Transactions ("SET")
Standardization is an essential element of any widely distributed system
for electronic commerce, and the development of technical standards for interoperability
between vendors of electronic payment services has been no exception. Titans
such as Visa and MasterCard have attempted to seize the initiative in innovative
electronic payment systems by controlling the development of technical standards.
This, in turn, would guarantee a continued role for the Titans' proprietary
payment services in the electronic commerce markets of the future. The vast
financial resources that the Titans can command have been poured into the development
and marketing of the Secure Electronic Transactions ("SET") standard,
which, if widely adopted, would permit the use of advanced encryption technology
in credit card transactions and would help preserve the dominance of credit
cards among electronic payment services.
The promise of asymmetric cryptography, in the form of digital signatures,
to resolve some of the new security issues raised by conducting business over
open, public computer networks was widely recognized in the technology community
a decade ago.53
Without standards to facilitate the adoption of cryptography, however, there
was no way for application developers to realize its promise. Visa and MasterCard
initially began work on separate standards for the use of public key cryptography
in connection with electronic funds transfers, but in 1996 decided to join forces
in developing a single standard for secure electronic transactions, or SET.54
In 1997, SET was widely expected to make the Internet safe for electronic commerce
by resolving some of the uncertainty that prospective transactors felt about
the security of Internet transmissions. SET would require each cardholder, financial
intermediary and merchant to use a digital signature certificate in Internet
transactions. Consumers would send their signed orders to Internet merchants
together with encrypted credit card information that would be passed on, unread,
to the financial intermediary. The intermediary would process the credit card
authorization and notify the merchant, who would then complete the transaction
with the consumer.
The SET system ran into problems almost from the outset, and by early 1999
was no longer in the forefront of discussions about Internet commerce security.55
While SET may be a very sophisticated system for improving the security of electronic
funds transfers over open networks such as the Internet, it is also a complex
and cumbersome one. The specifications for SET were initially driven by technological
concerns associated with establishing what would have been the first large-scale
public key infrastructure using existing financial networks and the Internet.
As a result, the operation of SET procedures seemed likely to be too demanding
of existing computers and networks. These problems might occur at the level
of the individual consumer's home PC or at the level of the merchants and financial
intermediaries who were trying to prepare for large volumes of message flow
accompanied by large numbers of complex computations required for cryptographic
functions.56
When merchants appeared reluctant to invest in the reengineering required to
support such demands on their computer resources and networks, SET was marketed
as a solution to the problem of consumer fraud through false claims of unauthorized
use of a card as well as to the problem of merchant fraud. SET marketing materials
never explained how the use of a digital signature certificate would be analyzed
in light of Federal Reserve Board opinions interpreting Regulation Z, however.57
Notwithstanding the outpouring of support for SET, by early 1999 it had still
failed to garner any significant share of the U.S. market and achieved only
a few isolated implementations outside the U.S.58
IV. Past Failures: The First Olympian Assault
When the Internet was still something of a blank slate upon which one
could project all manner of utopian or dystopian notions at will, it seemed
obvious that major innovations in payment system technology would be needed
to support Internet commerce. None of the early pioneers in this field have
yet enjoyed the market success that their radical and innovative approaches
would seem to have indicated a few years ago, and quite a few have ceased operations
altogether.
A. Early fatalities: First Virtual and DigiCash
In 1994, First Virtual was established to offer secure payments technology
to support Internet commerce. In 1996, First Virtual enjoyed a successful initial
public offering, positioning itself as an Internet payments company.59
Individual subscribers authorized First Virtual to charge their credit cards
for an initial allocation of funds to spend. Then subscribers could visit the
websites of merchants who have signed up with First Virtual and authorize the
merchants to debit their balances by using a PIN number. The success of alternatives
such as SSL eroded demand for the First Virtual service, which never achieved
a critical mass of individual or merchant subscribers. In 1998, First Virtual
announced the cessation of its payment services and the refocusing of the company
on electronic messaging services only. 60
In the 1980s, David Chaum obtained patents for blind signature cryptographic
protocols that might support the development of much more novel and significant
alternative payment systems.61
These protocols permit the creation of electronic tokens that can circulate
as money in an online environment without revealing the identity of purchasers
using the tokens.62
Chaum founded DigiCash in an effort to exploit the commercial potential of this
technology as a form of online electronic money, and licensed the system to
Mark Twain Bank in the U.S. and to various banks in other countries.63
Individuals wishing to use e-cash to make Internet purchases could draw on their
account balances at the licensee bank to download e-coins for safekeeping in
a "wallet" on the hard drive of their personal computer. When the
individual wished to make a purchase, the software would deduct e-cash from
the wallet and transfer it to the merchant.64
Although Chaum's system is not premised on the use of a conventional system
for clearing and settlement to support it, the Mark Twain application allowed
the merchant to transfer the e-cash back to the bank to confirm that it had
not been double spent. The bank would cancel the e-coins and credit the merchant's
account with the bank.65
In November 1998, DigiCash announced that it was seeking Chapter 11 bankruptcy
relief in order to reorganize its business activities. Mercantile Bank, Mark
Twain Bank's successor organization, had earlier discontinued the service, although
some overseas banks were still marketing e-coins.66
The promise of the e-coin technology may ultimately be realized in U.S. financial
markets, but, consumers are not sufficiently motivated by privacy concerns to
create the demand that DigiCash's early promoters expected. As with First Virtual,
the total number of subscribers to the e-coin system never achieved a critical
mass. Purchasers did not enjoy any float, and instead tied up resources in e-coin
balances that did not earn interest and were at significant risk of loss should
the security of the wallet on the hard drive be compromised. Merchants also
faced a risk of loss due to the threat of double spending, although the clearing
system provided by the bank was designed to keep such losses to a minimum. An
e-coin system would only be competitive with established payment devices if
consumers were willing to accept higher transaction risks and greater finality.
Apparently, they were not.
B. Walking Wounded: MilliCent, CyberCoin, Mondex
Various other players in the market for innovative electronic payment
services have not ceased operations, although the demand for their products
remains unclear. These include "micropayment" technologies such as
MilliCent and CyberCoin, and smart card payment devices such as Mondex. Micropayment
technologies looked destined for greatness a few years ago based on a common
forecast regarding the future of Internet commerce. Because many businesses
were reluctant to distribute content free of charge over the Internet and because
subscription services are uneconomical for many types of content, it seemed
likely that some vendors and purchasers would be interested in small, one-shot
transactions at prices below those that current electronic payment systems can
easily support. Micropayment technologies, which would permit consumers to download
electronic money to a personal computer that could then be spent in small increments
with participating merchants, seemed almost certain to catch on.67
Millicent68
and CyberCoin69
were two products developed to exploit this market that have languished in a
vacuum of consumer demand. While there may be a market one day for Internet
micropayments, it is unclear when that day will arrive.70
Mondex smart card technology is another promising technology whose moment
of greatness always seems to be at hand yet never quite arrives. The Mondex
card is a stored-value card that can take the place of cash by permitting transfers
of value onto and off of the card.71
Unlike the DigiCash system as implemented by the Mark Twain Bank, there is no
requirement that transactions onto and off of a Mondex smart card be cleared
through a central system. This feature reduces the transaction costs of the
system while also increasing some of the risks such as forgery or money laundering.
Because a smart card does not merely store data but can also perform processing
functions, the electronic cash function of Mondex can be combined with other
functions to enhance its appeal to consumers and merchants, such as tracking
loyalty program credits.
As powerful as the Mondex technology is, this kind of smart card-based electronic
payment technology has not achieved any noteworthy successes in the U.S. to
date.72 Millions
of dollars of smart cards were distributed without charge during the 1996 Olympic
Games in Atlanta, but utilization rates were very low. In 1998, a smart card
pilot on the Upper West Side of Manhattan proved to be a disappointment for
the financial institutions sponsoring it. U.S. consumers of electronic financial
services are apparently too satisfied with existing alternatives such as checks,
credit cards and debit cards to adopt this new technology in large numbers,
although smart cards are rapidly gaining popularity in other countries. Compared
with smart cards, credit and debit cards offer consumers considerable benefits
under existing federal regulations.73
V. Through a Glass Darkly: The Next Generation of Electronic Payment Systems
The history of commercial exploitation of the Internet is short.74
In light of the successes of radically new concepts such as the browser and
the hypertext interface, it once seemed plausible that wholly new payment systems
might also catch on like wildfire, completely displacing demand for existing
services. As shown, however, existing payment systems are meeting the demand
for new electronic payment services with only minor modifications. Novel services
are finding it difficult to fulfill the conditions required to make a modern
payment system function in any environment.
With major obstacles impeding the Olympians' ability to launch alternative
payment systems, successful Olympian strategies may consist of finding ways
to harmonize Titan and Olympian approaches to electronic commerce. One possible
strategy for getting new payment technologies into the hands of large numbers
of users is to create hybrid solutions that combine the best elements of both
old and new payment systems technologies.75
In fact, a few examples of hybrid services currently exist, some owned by the
Olympians, some by the Titans.
A. Secure Sockets Layer ("SSL")
The Secure Sockets Layer ("SSL") standard, developed by the
Olympian Netscape as a simple, stop-gap solution pending the development of
more sophisticated standards such as SET,76
has achieved widespread acceptance as the standard for communicating credit
card information over the Internet.77
It represents an unusual situation where Olympian technology has enhanced the
position of Titan payment systems in Internet commerce. SSL lacks the elegance
and coherence of SET, but it has come to dominate the market for retail electronic
commerce by meeting the minimum requirements of the relevant stakeholders.78
The SSL standard does not use digital signatures to bind human identities
to online communications.79
Instead, it relies on the use of a digital certificate to identify a computer,
the e-commerce server. The consumer's browser validates the server's certificate,
and then uses the public key in the certificate to share a symmetric key with
the server. For the remainder of the session, the shared symmetric key is used
to encrypt communications between the browser and the server, preventing credit
card or other sensitive information from being sent over the Internet in the
clear.80
The SSL protocol permits payment information to be sent over the Internet,
replacing a mail or telephone link between the purchaser and the vendor in the
MOTO model, but maintaining an equivalent level of security.81
The SSL standard has proven highly successful because it does not place excessive
demands on the average consumer's home PC and has removed what was one of the
most pressing concerns associated with Internet commerce: the public nature
of its communications infrastructure.82
The SSL standard does not address the security of credit card information once
it is on the merchant's e-commerce server, nor does it provide any information
about which human being entered the credit card information transmitted to the
vendor.83
Purchasers have been happy with the level of protection provided by SSL because
the normal consumer-friendly credit card system rules apply. The risk that the
merchant may misuse consumer credit card information is not borne by the consumer
but by the merchant's bank.84
Vendors have been happy with the level of protection provided by SSL because
the risks of accepting credit card charges over the Internet can be brought
in line with the risks of accepting MOTO credit card charges.85
A merchant can decide whether to do business over the Internet by estimating
both the likely return on Internet business (in light of these higher charges)
and the likely total volume of chargebacks.
A cloud on the horizon indicates that SSL may not be a lasting solution for
securing Internet credit card transactions.86
The volume of disputes associated with Internet purchases seem to be disproportionately
large-while Internet transactions account for only 2% of card transactions,
by some industry estimates they account for 50% of disputes.87
Unless the Federal Reserve Board changes its interpretation of Regulation Z
regarding the inability of card issuers and merchants to contest a cardholder's
claim that a charge is unauthorized in any transaction in which the card was
not available for inspection by the merchant,88
merchants will have no choice but to press for improved authentication technology
or revisions to Regulation Z.
The established players have not completely ignored the possibility
of using new technologies to gain or maintain market share. The benefits of
this approach are that new technologies are harmonized with established business
practices. This approach was used with the electronic check, or "e-check",
developed by a consortium of major banks.89
In 1998, various banks entered into a pilot with the Department of Defense
to test this new service and it will be some time before the viability of this
concept for a larger market is determined.90
The e-check is an electronic equivalent of a paper check, created through the
use of new technical standards and encryption technologies. The e-check standard
was carefully developed to mimic the functions of check in an effort to ease
burdens to bank customers of switching from paper checks to wholly electronic
payment systems.91
It will remain unclear for some time whether enough financial institutions and
businesses that currently transfer funds by check will be willing to invest
in the technology required to make the e-check as universally acceptable as
the paper check or use e-checks in a sufficiently large number so as to make
them as inexpensive to process as paper checks.92
CyberCash has developed a new service, InstaBuy, which is rapidly gaining
popularity on retail Internet sites.93
The InstaBuy service permits consumers to enter their credit card information
into a secure site maintained by CyberCash and then to authorize the InstaBuy
service to release the information to Internet merchants who have also signed
up for the service.94
InstaBuy eliminates the need for consumers to download wallet software, which
is required for the CyberCoin service, or to enter their credit card information
each time they wish to make a purchase, which is necessary for most Internet
retail sites today. Consumers are not charged for the service, can access their
credit card information maintained by InstaBuy from any computer with access
to the Internet, and can only use InstaBuy with merchants that have been enrolled
in the program. This service is less ambitious than the earlier CyberCoin service
as it only offers consumers a simpler and more convenient way to make credit
card purchases over the Internet using SSL for a secure connection to the merchant's
site. Like any other endeavor, however, InstaBuy's ultimate success will depend
on whether enough consumers and merchants can be signed up for the service to
justify the cost of the service to merchants.
In 1998, portals attracted a great deal of attention as a way to permit
end users to find Internet resources more easily, and to increase traffic to
Internet commerce sites.95
Online financial services have been a common feature of portals.
One electronic payment system likely to be promoted through portals is Internet
bill presentment and payment services. With such a service, a consumer could
access all his or her monthly bills, review the contents of the bill and authorize
payment of the bills using a variety of payment devices. It is unclear at this
time whether the market for Internet bill presentment and payment will be a
service offered primarily by banks offering Internet services, or technology
firms such as CheckFree.96
Such firms provide a unified interface to the consumer, but use a variety of
payment devices to execute the consumer's payment orders. The terms under which
the partnering of Internet access providers, technology firms and regulated
financial institutions will take place are still in flux, so it is unclear how
many services will be provided by entities outside the scope of current regulations.
The magnitude of changes needed in existing regulations will only become clear
when the market for Internet bill presentment and payment is better defined.
In 1998, in an effort to maintain the relevance of the automated clearing
house ("ACH") payment system in a world of Internet-based commerce,
the Internet Council of the National Automated Clearing House Association ("NACHA")
conducted a pilot to determine the compatibility of the ACH system with a browser-based
interface for retail Internet commerce.97
One of the workhorses of electronic payment services in the U.S., the ACH network
performs functions such as direct deposit of payroll and automatic funds transfers
for routine expenses such as installment loans or utilities. To date, though,
it has not played a major role in the development of Internet-based commerce.
The pilot program involved a variety of banks, technology vendors, and members
of the NACHA Internet Council in simulated transactions. The pilot demonstrated
that while it might be possible to use digital signatures and a browser interface
to initiate funds transfers through the ACH system to support retail commerce,
further study was needed before such a service could be offered to the public.98
The market for electronic payment services remains crowded with competing
vendors and putative standard-setters, none of which have yet gained a commanding
lead over the pack of aspirants. Titans may ensure their continued success in
electronic payment services markets if they can persuade Olympians to join them
in collaborative relationships. It is possible that Olympians will survive and
prosper by licensing their innovative technologies to Titans who have the capital
and established relationships with consumers needed to achieve critical market
share for new technologies. Such collaborations will permit regulators to maintain
current levels of safety and reliability for new products by reviewing the new
technologies and their proposed uses in light of existing regulatory standards.
One opening for collaboration between vendors of new technologies and established
providers may come if the existing electronic payment system security infrastructure
is upgraded or replaced. Electronic funds transfer systems such as those used
for retail ATM machines rely on the Data Encryption Standard ("DES")
established in the 1970s.99
Groups that oppose the current U.S. policy of limiting the use of encryption
in the private sector to older standards such as DES have focused on breaking
DES as a way of demonstrating the inadequacy of current U.S. government policies
regarding encryption.100
Financial institutions are in the process of replacing DES-based technology
with higher levels of security such as double-DES, triple-DES and other encryption
standards. At the same time that encryption standards are being reevaluated,
it is possible that other elements of the existing payment system infrastructure
may also be upgraded. Such replacements may be beneficial-for example, replacing
magnetic stripe cards with smart cards would permit the use of more advanced
authentication technology in electronic payment systems.
Looking further ahead, services such as financial electronic data interchange
and electronic bill presentment may finally permit electronic funds transfers
to replace checks for routine business payments. This has yet to occur in large
part due to the inability to include transaction information with payment information
in transactions among all institutions that accept electronic funds transfers.
In order for businesses to have the option to include transaction information
with any funds transfer, many businesses and financial institutions will have
to upgrade their existing funds transfer processes, which they have been unwilling
to do. The federal government is setting a faster tempo for changes with its
EFT99 initiative.101
This initiative will force many recipients of payments from the federal government
and financial institutions to be able to accept funds transfers with transaction
information in the very near future.102
New entrants in the market for electronic payment services may enjoy greater
success outside mature markets such as the U.S. than inside them. In Europe,
for instance, consumers are less accustomed to using payment devices that include
an element of float for consumers.103
As a result, acceptance of smart cards as a payment device has been much greater.
The dismal failure to date in the U.S. market of smart cards as a payment device
demonstrates that U.S. consumers are showing a greater degree of sophistication
with regard to product features and a greater resistance to change than most
Olympians expected, especially in light of the success of innovative new offerings
in other areas of Internet electronic commerce.104
The greatest successes for such new payment devices may ultimately come in markets
in developing countries such as China, where there are virtually no alternative
electronic payment technologies.105
In such markets, there may be no business case for rolling out older models
of electronic payment systems where the basic infrastructure is still lacking,
and consumers may accept the most up-to-date technology available quite happily.
Emerging payment technologies that gain substantial market share in Europe,
Japan or developing countries may be able to leverage that market share to reenter
the U.S. market on more favorable terms in the future. As U.S. financial services
markets become more integrated into global markets, it is unlikely that the
flow of standards and products will always be from the U.S. outward. In the
near term, however, established services such as credit cards, debit cards and
ATM machines that were perfected in the U.S. and other developed countries,
may continue to crowd out more technologically-sophisticated alternatives.
VI. Interests of Stakeholders and Gatekeepers in Electronic Payment Systems
These larger trends in the market for electronic payment services and
in the development of technology will be shaped by the degree to which the various
stakeholders-the consumers, merchants, Titans and Olympians-can protect their
interests. In many respects these interests are incompatible. The regulators-the
gatekeepers to the market-have the ability to moderate the outcomes that competitive
forces alone would produce.
By looking at the costs and benefits imposed on customers by various
major payment devices, it is easy to understand why customers of regulated financial
institutions still prefer checks to electronic equivalents. The benefits customers
enjoy as a result of choosing checks are directly offset by the burdens they
impose on merchants. Yet until payment service providers and merchants find
a way to meet not just their own needs but also the genuine needs of their customers
with electronic payment devices, customers will continue to resist wholesale
migration to new forms of payment. While a great deal of consumer resistance
may be due to poorly designed interfaces or flawed business models for new payment
devices, it may also be due in part to a bias on the part of consumers in favor
of payment systems with known, manageable risks. Consumers have demonstrated
repeatedly that no matter how favorable a new electronic payment system is for
merchants and service providers, they will refrain from using the new system
unless they perceive it to be as beneficial to them as existing systems.
Internet merchants are enjoying considerable success today with minor modifications
to established systems, but if disputes associated with online credit card transactions
continue to grow, merchants may become more willing to pay for more sophisticated
solutions such as SET. As businesses develop more integrated, comprehensive
information technology systems, they will be looking for payment services that
can be integrated seamlessly into those systems. In order for Internet merchants
to be able to process payment information automatically, a great deal of standardization
will need to take place in the way data describing the transaction is attached
to the payment information. In addition, businesses would like the payment transaction
information to be available for other uses, such as differentiating between
valued and undesirable customers, building closer relationships with more profitable
customers, and exploiting the commercial value in transaction data via other
processes that cannot now be performed by the merchant.106
Regulated electronic payment service providers need to find new ways to leverage
their existing investment in legacy systems, while keeping up with the rapid
pace of innovation characteristic of Internet electronic commerce in general.
Banks are at risk of finding their market limited to only the most commodified,
low profit financial services, while customers build relationships with newer
service providers who are able to capture the more differentiated and profitable
front end of the payment system interface. Existing electronic payment systems
such as the automated clearing house system for electronic funds transfers have
complex, cumbersome interfaces but operate with a high degree of reliability
and security.107
If Yahoo!, Microsoft or Amazon.com can design and retain control of a user interface
that integrates automated clearing house payment functions with a customized
point of entry to a complete range of Internet services, regulated financial
intermediaries will not be able to reap any significant profits from the limited
range of services they continue to provide. Banks want to avoid seeing their
contribution to the next generation of electronic payment systems reduced to
some minimal clearing and settlement service. Collaborating with new technology
services may be an easy way for traditional payment service providers to give
their systems a fast facelift, but such collaborations also carry the risk that
the traditional service may lose its current close connection to the consumer
customer or retail merchant.
Technology firms seeking to participate in the construction of new payment
systems infrastructure will benefit most if they are able to gain market dominance
with proprietary standards, and if they are able to establish a right to payment
based on transaction volume or value. If technology firms design systems around
open, public standards, they will face a much more competitive market for their
services. Just as collaboration between traditional payment service providers
and technology firms is perilous for the traditional providers, it is perilous
for the technology firm if its partners can eventually master the new technology
and internally generate the necessary infrastructure instead of outsourcing
is production.
Although wildcat banking was once a legitimate occupation in the U.S.,108
regulation of financial services at both the state and federal level is now
inescapable. The will to maintain a comprehensive framework of regulation over
financial markets was strengthened in the wake of the banking crisis of the
1930s, and the savings and loan crisis of the 1980s. The regulatory legacy of
these crises is one of highly intrusive oversight and major restrictions on
the scope of operations.
The common wisdom now generally equates such heavy handed regulation with
obstacles to effective competition, and makes the regulatory calculus for government
agencies considering intervention in emerging markets complex and ambiguous.
At least in the case of credit cards and Regulation Z protections for consumers,
however, the heavy hand of regulation may have given established payment systems
the competitive edge they needed to achieve rapid dominance of the market for
retail Internet payment services. If generations of intrusive government regulation
have dulled the wits of consumers to the point they cannot distinguish between
acceptable and unacceptable levels of risk associated with new electronic payment
services, then regulators will face a difficult task in protecting consumers
while not stifling competition. If years of intrusive government regulation
have instead produced a generation of consumers who have a reasonably good understanding
of the costs and benefits associated with existing electronic payment systems
and have a marked preference for those regulated systems which treat consumers
well, then market demand may push providers of electronic financial services
into the arms of regulators. Before the Titans can profit from the latter scenario,
however, many of their existing payment services will need something of a facelift
to meet the technological demands of emerging electronic commerce markets.
The new payment service providers may enjoy a distinct competitive advantage
over regulated financial intermediaries if they are able to compete head-on
without being subject to the regulatory burdens themselves. If the Olympian
developers are able to establish significant market share in emerging electronic
payment technologies before regulators decide to subject them to traditional
financial market regulations, they will enjoy a significant competitive advantage
over their regulated Titan competitors. If regulators want to avoid encouraging
unregulated competitors from taking market share from regulated financial intermediaries,
they will need to maintain their current agnostic position with regard to regulating
innovative offerings by established electronic payment service providers.
Should regulated financial intermediaries choose not to collaborate with technology
innovators, but try to compete directly with them for consumer markets, the
regulated intermediaries are sure to lobby regulators to release them from some
of their current legal and regulatory obligations. If regulators hold financial
institutions to high standards that impose substantial costs and limit their
ability to keep up with more nimble competitors but fail to maintain an equivalent
level of control over those new competitors, regulated financial institutions
would experience a loss of market share without any offsetting increase in the
effective level of consumer protection.109
In an era of deregulation, regulators may face considerable obstacles to expanding
existing regulatory regimes to cover new payments technologies. In 1996, the
Federal Reserve Board ("FRB") issued proposed amendments to Regulation
E to deal with new developments such as stored value cards.110
Congress responded by prohibiting the FRB from taking action to finalize any
amendments to Regulation E until the FRB had determined whether Regulation E
could be applied to stored value cards "without adversely affecting the
cost, development and operation of such products."111
The FRB, duly chastised, delivered its report to Congress on April 2, 1997,
finding that policy statements or education programs might be less costly and
just as effective as regulations in protecting consumers interests.112
Until the technology innovators can mount a more credible threat to the ruling
hegemony of highly-regulated electronic payment services, the wait-and-see and
incremental-reform approaches currently being taken by regulators are adequate,
because the magnitude of the threat posed by emerging services is negligible.
If this trend continues in the future, then regulators in this field may be
spared the task of finding new techniques for domesticating rapid technological
innovation without stifling competition. Competitive offerings from regulated
providers of electronic payment services may permit consumers to continue to
rely on payment services that manage a number of the risks of electronic commerce
fairly and efficiently as well as advancing the technology of market infrastructures.
Instead of resorting to regulation, the problem of competing proprietary solutions
for meeting the future needs of consumers in Internet commerce might be resolved
through the work of standards-setting organizations.113
For example, the current network of retail electronic funds transfers conducted
through ATMs and point-of-sale terminals using debit cards operates today due
to the standardization work of the American National Standards Institute ("ANSI")
Accredited Standards Committee ("ASC") X9.114
The work of open standards-setting organizations might be helpful in resolving
some of the current uncertainty regarding the future direction of electronic
payments technologies. However, formal standards-setting organizations such
as ANSI ASC X9 are competing with a wide range of private and more informal
standards-setting organizations that hope to influence the future of electronic
payments technologies. For example, the Financial Services Technology Consortium115
and the Banker's Roundtable Banking Industry Technology Secretariat116
are financial services industry trade associations that cater to large banks
and financial services companies that have tried to establish themselves as
industry leaders through projects such as e-check117
and the Bank Internet Payment System.118
In 1999, however, not many proposed standards were making headway in the market,
either because they had not yet moved beyond the pilot stage or because, like
SET, they were not being adopted following pilot projects. The very large number
of other putative standards-setting organizations competing within the electronic
payment services market has reduced the probability that any one organization's
standard would achieve universal acceptance and recognition, and so enjoy the
leverage that the network effects of such standardization would provide.119
Two years after the publication of the Magaziner Report, its recommendation
that regulators refrain from regulating until a need has been established appears
to have been sound even when applied to electronic payment systems. The more
utopian projections for the future of electronic payment systems have not yet
been realized, and the more dire threats to regulated payment systems have not
yet materialized. In 1999, the market is dominated by traditional financial
intermediaries offering conventional electronic payment services augmented with
minor innovations to adapt to the Internet.
In the original myth of the clash of the Titans, the Titans first came to
power with the assistance of Mother Earth in their struggle to overthrow Uranus.
The Titan Cronus's efforts to forestall his eventual overthrow were doomed to
fail in the face of Mother Earth's support for the Olympians, and resulted only
in postponement of the inevitable. In the battle for dominance of the electronic
payment systems market, the Titans are clearly still in command and, at least
in the U.S., the developers of alternative technologies have yet to establish
much of a beachhead. This is far from the final outcome, however, as innovative
payment technologies may become established outside the U.S. first, and then
capitalize on their position in global markets to reenter the U.S. market on
more favorable terms in the future. In addition, innovators may succeed in hollowing
out the economic value of the basic payment system franchise, if the services
provided by regulated financial intermediaries become more constrained and commodified,
and competitors gain control of novel interfaces or delivery mechanisms that
narrow the services the payment systems Titans offer.
Consumers have shown a high degree of rationality in their choice of electronic
payment systems, and have stayed away from more risky or less favorable innovations.
Regulated electronic payment systems offer incidental attributes such as float,
or reversibility in the event of dispute. Consumers may migrate toward regulated
systems because they provide these incidental benefits without regard to how
well systemic risk issues are managed. But so long as regulators guarantee the
provision of both, then consumers can migrate toward the most favorable package
of rights and obligations and the system will enjoy the oversight necessary
to keep systemic risk to manageable levels.
Consumer resistance to radical innovation is hard to interpret, but it is
possible that this resistance is based in part on some understanding of the
benefits consumers currently enjoy under existing systems and are unwilling
to surrender without some equivalent benefit. New systems that provide a big
boost to the electronic payment service provider, a marginal benefit to the
merchant and negligible benefits to the consumer are failing, while existing
electronic payment systems that preserve existing benefits are prospering with
only small modifications.
If regulated financial intermediaries continue to meet the demand for electronic
payment services through incremental innovations in established services developed
under the scrutiny of regulators, then emerging payment systems do not pose
as much of a threat to existing payment systems or the economy generally as
once feared. Regulators will have the time they need to gauge the real risk
posed by innovation to existing systems and to adapt existing regulations to
carry forward an equivalent level of protection in new systems.