Will the titans of payments clash over open banking?
PayPal and Mastercard are independently making high-profile moves to shore up gaps in open banking and data compliance, and both companies are downplaying any competitiveness.
It's delicate ground for two companies that have only recently become formal allies. Mastercard and Visa made deals with PayPal in 2016 in which the sides agreed to cede some competitiveness in exchange for interoperability, though Visa was more publicly combative with PayPal before that deal.
While open banking is meant to build bridges among financial services companies, the competitive question is, simply: Who gets to build that bridge?
Mastercard has launched four products over the past few days—a single connection to banks’ open banking function, real-time verification of third party registration, centralized query and dispute resolution, and advisory services.
PayPal has launched its PayPal Commerce Platform, which is designed to help businesses scale and connect with PayPal’s 227 million users, with 100 currencies available. PayPal will also manage compliance in more than 200 markets, provide access to mobile point of sale, business financing and consumer credit, and embed AI risk and fraud tools.
In PayPal’s announcement, Chief Operating Officer Bill Ready mentioned regulations such as GDPR — which, like PSD2, is a data-related regulation — and open banking as catalysts for the move. Ready said these trends are shaping a new environment for everyone to navigate, adding powering digital commerce is not something that any one company can do on its own.
Mastercard is using Token.io’s platform for its open banking technology, while PayPal has invested in Tink, which is a competitor to Token.io in open banking IT, said Ron Van Wezel, a senior analyst at Aite Group.
That raises the possibility of competition, an issue the card networks and PayPal have wrangled with in the past. Beyond their past rivalries, the card brands have more recently pushed a single "buy button" for online payments under a framework called Secure Remote Commerce, a move that's seen partly as a competitive play against PayPal that could threaten the detente between the card brands and PayPal.
Mastercard will use partners to build its API connection, with Token being among these partners, said Jim Wadsworth, senior vice president of banking for Mastercard. “There are other players in this market that are also active,” Wadsworth said.
Among other global players, China’s Tencent, which operates WeChat Pay, recently invested $35 million in TrueLayer, another open U.K.-based open banking technology firm that counts Monzo among its clients.
Wadsworth did not comment on PayPal or other companies pursuing open banking solutions in Europe. He did say that as a company that serves two sides of an industry — issuers and merchants — Mastercard is well-positioned to support open banking.
PayPal is also not publicly treating the market of companies pursuing PSD2 and open banking technology as competitors.
"We are looking at forming partnerships to help companies grow and alleviate all of these payment related pain points," said Manju Thomas, vice president of partners and marketplaces.
Among the PSD2 and open banking-related issues PayPal hopes to address are compliance and payment processing, particularly for online communities and small to medium sized businesses, Thomas said. "One of the key areas is to let them focus on their business. Payments is our core."
For the thousands of banks, merchants and fintechs hoping to adhere to PSD2, GDPR and other open banking migrations, PayPal and Mastercard are both trying to build interoperability and shore up holes that may slow progress. Application programming interfaces are a major part of that, since APIs build the connection banks and fintechs. An API is beneficial because it makes banking programmable, said Van Wezel, adding it allows third-party developers to access bank data and functionality to create new value for customers.
These APIs are growing quickly because of PSD2. By March 2019, 73% of European banks were testing APIs, according to token.io, Wezel said.
“The issue is however, who is going to use these APIs? Banks are using multiple standards, including proprietary ones,” said Van Wezel, who added that connecting to 4,500 banks in Europe will be a massive task for any fintech or merchant. “Therefore, consolidator models will be required. That is, providers that make the connection to the different banks and provide a single API for developers to consume for the new account information and payment initiation services.”
APIs lack harmony, and these complications are going to get worse because open banking is not developing in the same way in every country. In some markets there’s regulation and in some there’s market forces.
“If I want to benefit from a connection between a financial institution to a fintech through an API, do I want to serve a bunch of big countries, or do I want to serve one small country? There’s no standard for how these APIs work,” Wadsworth said. “There’s actually about six standards in Europe, but there’s even differences in there. The connectivity is the challenge. What we’re trying to do is give a unified front end. We’ll connect to all of the countries in the background, and that relieves the banks of doing that plumbing.”
Another issue is service and risk. In most cases if there’s a transaction error, the consumer goes to the bank for a resolution. The centralized dispute resolution service is designed to manage that issue, Wadsworth said.
Mastercard is focused on pushing its open banking tools in Europe for now. The addition of other markets will further complicate the API issue for open banking, Wadsworth said, though he adds Mastercard is also focused on markets outside of Europe.
There are also other problems such as geographic differences and how risk will be managed among companies that are connected through open development.
Open banking in the U.S. is evolving through PFM services like Mint and apps such as Venmo, which have cross-account functions or aggregation build into their models. “There’s not a regulatory dynamic but a sheer normal competitive dynamic. But really that’s the exception more than the rule for open banking," Wadsworth said, adding most open banking has a regulatory component.
“With PSD2 the customer authenticates directly with the bank,” Wadsworth said. “In the U.S. the customer shares the underlying bank credentials.”