Routing headwinds are the reason for debit networks' lag
The payments industry should not be fooled by the argument that implies U.S. debit networks have not kept up with investments as the broader market has evolved.
The real reason that merchants face routing impediments is that the global brands have used their market share power to thwart industry and regulatory desires to maintain a robust, competitive, compliant and fair payments system.
U.S. debit networks have made significant investments in providing open, ubiquitous access to payment transactions allowing choice and flexibility for payment stakeholders to route and receive transactions.
PIN-less debit products for e-commerce and dual message products for card-present transactions are two of the most recent examples. The U.S. debit networks have always been strong supporters of open standards created through open, consensus building.
These standards promote fair and equitable access to a payments foundation that includes adherence to and improvement of a better payment experience, stronger customer authentication and higher transaction security. Here are a few examples:
The addition of PIN as a form of consumer authentication many years ago was not unique to a single debit network, but open to all issuers and issuer processors for verification, as well as all debit and global networks that supported the appropriate data elements and open standard PIN cryptography for transit. At no point was any given implementation of the PIN restricted just to a given regional debit network, or the owner of such an implementation.
Originally, technologies such as biometrics (e.g. fingerprint/facial recognition), tokenization and risk-based authentication were concepts that were not initiated by any particular payment network, rather built by non-payment network entities. These technologies were intended to be interoperable across debit networks, but more recently global brand implementations and rules restricted these technologies for their own purposes.
U.S. debit networks have created and deployed industry leading fraud mitigation products and services. The latest developments include support for fraud engines with auto-scoring capabilities, use of AI to improve risk mitigation, and API-based enablement for access to third-party databases and applications. Fraud attack vectors typically become distributed knowledge throughout the ecosystem where all stakeholders can benefit from a shared consortium of fraud mitigation rules.
In contrast, the global networks continuously use their market power to effectively mandate exclusivity. Some global brands have restricted the data available for debit fraud mitigation due to their rules, thus attempting to limit the effectiveness of U.S. debit network products.
For example, EMVCo promulgated a payment tokenization specification that has been promoted internationally on the grounds of interoperability and ubiquity. Yet global brand implementations in the U.S. of this specification have limited its use to restrict routing to just the network provider that is associated with the owner of that tokenization implementation. A reading of Regulations II’s section 235.7(b) would indicate that such an implementation for debit in the U.S. would put those global brands out of compliance.
The global brands have implemented specifications that enhance payment security but do so to the disadvantage of U.S. debit networks. Two prime examples of this are both global brands’ policies regarding the prohibition to use CDCVM/ODCVM by U.S. debit networks and the prohibition by one global brand of Offline Data Authentication (ODA) usage on the U.S. Common Debit AID on contactless debit transactions.
The lack of a minimum implementation requirement from EMVCo regarding specification compliance has encouraged an environment that allows the global brands to impede U.S. debit regulatory requirements.