News & Insights
The Rise Of Digital Mobile Payments And Current Regulations
Onur Küçük | MANAGING PARTNER
19.09.2023Cashless and contactless interactions have dramatically increased over the last few years, driven by several factors, such as the increasing adoption of smartphones, the growth of e-commerce, and the need for contactless payments during the COVID-19 pandemic. Digital transactions have become commonplace and straightforward daily for many users in every field. Most consumers switch from traditional payments with plastic cards to online payments via smartphone apps. The total transaction value in the Digital Payments market is expected to reach US$ 76.18 billion by the end of this year, and this figure is expected to approximately double to US$ 137 billion in the next four years. The use of digital payments, along with the development of Fintech services, also points to a direct relationship with the development level of electronic commerce, consumer income level, and the competitive environment in the retail sectors of different countries.
Making Payments with Digital Wallets
Mobile payment is a type of digital wallet explicitly designed for use on devices such as smartphones, watches, and tablets. With mobile payment, customers carry out contactless payment transactions by saving their credit cards and debit cards in their wallets. GarantiBBVA's BonusFlaşı and Yapı ve Kredi Bankası's World Pay can be given as examples of these applications. In businesses that accept mobile payments, the customer can easily purchase the product he wants from a clothing store or filter coffee from a coffee shop by using his bank's mobile payment application and does not have to take out his physical credit card or carry cash for these transactions.
Digital wallets, or e-wallets like BKM Express, Google Pay, Apple Pay, and Venmo, allow customers to securely store their bank card and bank account information and make payments for goods and services in-app or in-store. With some digital wallets, customers can save loyalty cards and coupons to their wallets without carrying a physical card. In this way, it enables easy tracking of the advantages. The customer makes online purchases without having to enter payment information each time.
When digital wallets are used to make contactless payments, the NFC (Near Field Communications) system and QR codes come into play. NFC, short for "Near Field Communication," is the name of the technology that allows users to exchange data in an encrypted manner using radio waves between two devices nearby. When a customer holds his phone over a device to make a payment, the customer makes an NFC payment, also known as contactless, and users make payments safely and quickly. Since NFC payment readers can only connect to one device at a time, there's no way another customer could be accidentally charged. Payments can be made with NFC technology using smart watches, payment bracelets, and fitness-tracking devices that fall into the wearable technology category.
Using these technologies, you can buy coffee with your smartwatch without returning home to get your wallet. QR codes store the information required for payment in the barcode and use the smartphone's camera and scanning system. After the customer makes the payment by scanning the QR code, the system verifies that the payment has been sent to the correct person or business. In addition, payments can be made directly through the operator billing system. This method allows consumers to pay for goods or services online by crediting the transaction to their mobile phone bill. Customers do not have to enter credit card and bank account information on their phones to make purchases. All they have to do is enter their phone number to make the payment; going through a bank is unnecessary. Customers only need to have a smartphone with regular carrier payments.
Why Should Payment with Digital Wallet Be Preferred?
The advantages of e-wallets over traditional payment methods need to be more obvious to ignore. We can list them as follows:
1. Less commission fee: As the issuer and transaction operator of payment cards, the bank receives commission fees from businesses for the services it provides. The amount of commission fees varies depending on the turnover of the company. The higher the sales volume of the business, the higher the prices. While companies try to cut costs to make their businesses more profitable, they also face transaction fees imposed by banks. Therefore, one of the most suitable solutions for businesses is to set up their own branded payment cards and systems. Loyalty cards, payment cards, savings cards, discount cards, etc., are called closed circuit cards, which we can call the local version of Visa and MasterCard. Cards like these are very beneficial for businesses. However, to make a profit for a business, the system must implement applications that offer consumers digital payment opportunities suitable for smartphones instead of physical cards. This way, companies save on plastic card issuance costs while maintaining the full functionality of this solution. It also encourages a more competitive environment among businesses in the provision of goods and services.
2. Fast purchasing processes: The second golden rule for a business after maintaining and improving profitability is to ensure maximum comfort for its customers. Customers are very prone to abandon their purchases due to both long queues and tensions at the checkout. Therefore, businesses retain customers as only a few seconds and touches are enough to make a payment through an e-wallet application. These solutions save customers time by eliminating the need to queue.
3. Sustainable approach: Electronic tag technologies such as RFID reduce the use of printed materials and tons of paper used to produce brochures, billboards, and coupons. It provides businesses with the opportunity to save costs. Thanks to payments made through digital wallets, business owners can continue their operations without creating a carbon footprint and have the potential to attract customers with environmentally friendly practices.
4. Maximum security: Security methods developed for contactless payments with NFC payment infrastructure ensure that cards are not exposed to attacks, cloned, and suspicious transactions are prevented. At the same time, since two NFC-compatible devices must be at least 4-10 cm away from each other for NFC to work, it minimizes fraud threats by malicious people. This way, the risk of customers' card information and data being stolen during the payment process is shallow.
What are the Current Regulations for Digital Wallets?
Legal regulations for digital wallets vary by country and region, depending on the digital wallet's legal status, scope, and functionality. For example, in the European Union, digital wallets are subject to the Payment Services Directive (PSD2), which aims to promote innovation, competition, and security in the payments market. PSD2 requires digital wallets to comply with established licensing, authentication, data protection, consumer rights compliance, and dispute resolution rules. Again, Strong Customer Authentication (SCA) is a regulation in PSD2 that includes directions on using authentication information and biometrics, where multiple factors are foreseen for customer identity verification when making electronic payment transactions. It is designed to protect customer data and reduce fraud, especially for remote transactions. This applies to customer-initiated contactless payments in Europe; most card payments and all bank transfers require SCA. These rules for online card payments apply to transactions where the business and the cardholder's bank are in the European Economic Area (EEA).
In the United States, the legal infrastructure of digital wallets is regulated by several federal and state laws and agencies, such as the Consumer Financial Protection Bureau (CFPB), Federal Trade Commission (FTC), Office of the Comptroller of the Currency (OCC). These laws and institutions include rules on consumer protection, anti-money laundering, and bank supervision.
In our country, issues related to digital wallets and payment services are covered by the Law on Payment Services and Electronic Money Institutions and the Law on Amendments to Certain Laws ("Law No. 6493"), the Regulation on Payment Services and Electronic Money Issuance and Payment Service Providers ("Regulation"), It is regulated in the Communiqué on Information Systems of Payment and Electronic Money Institutions and Data Sharing Services of Payment Service Providers in the Field of Payment Services ("Communiqué") and in the Guide on Associating Business Models Offered in the Field of Payments with Payment Service Types ("Guide"). In our law, digital wallets are accepted as a means of payment, and payment service providers and licensed organizations can offer digital wallet services. At this point, the institutions providing digital wallet services must be authorized to issue or accept the payment instrument. Payment and electronic money institutions also should maintain a minimum equity capital. In the relevant communiqué where the regulation is foreseen, minimum equity amounts change yearly. In addition, the guide also determines in which situations and activities organizations providing payment services must obtain an electronic money license. In these aspects, the guide regulates the conditions requiring CBRT's permission according to payment service, field of activity, and business models.
Another essential issue in payments made with digital wallets is data protection and confidentiality by payment and electronic money institutions. In accordance with the regulations in the Communiqué on this subject, these organizations are subject to KVKK in data processing. The board of directors is held responsible for ensuring the confidentiality and security of personal data. The obligation to take additional precautions for sensitive data stipulated in the legislation and to inform both the Personal Data Protection Authority and customers in case of a possible data leak is also included. In addition, these organizations are obliged to keep personal data and documents for the period stipulated in the legislation. When paying via a digital wallet, customers' personal information, such as name, address, and payment information, may be collected by the merchant or payment processor. This information may be used for a variety of purposes, including:
• Payment processing
• Tracking purchase history
• Targeting with ads
Therefore, to avoid legal risks and license revocation, it is crucial to be aware of the consequences regarding privacy in digital payments and strictly follow the legal regulations.
Thanks to advanced technologies, customers seeking comfort and convenience are increasingly adopting digital wallets every day. It provides cost savings and profitability for business owners in digital wallet payments made by customers. Because digital payment solutions are reliable and secure, they change customer habits and reduce the need for physical cards. Digital payments, which enable customers to make faster transactions, are becoming increasingly popular and revolutionizing how businesses accept payments.
Due to its dynamic structure, there are different regulations regarding digital wallets and payments in our country and foreign countries. With the amendment made in Turkey in 2018, the powers regarding regulating and supervising payment and electronic money institutions passed from the BRSA to the CBRT. Following this change, the issues regarding implementing the existing Law No. 6493 and the regulation were clarified with the publication of the Guide on Payment Services and Business Models. Since the legal rules complement each other in terms of scope, they should all be carefully evaluated by payment service providers. While the regulation regulates payment and electronic money institutions to obtain operating permits for the payment services they want to offer, more transparent information about what payment services is and their nature is included in the guide. Accordingly, in the manual, explanations are made according to the types of payment services, and the business models of these services are explained from a sectoral perspective. For example, the issuance or acceptance of a payment instrument is regulated as a payment service for which an operating permit must be obtained per Law No. 6493, and the guide includes the same issue for customers to give instructions to banks via their digital wallet as a means of payment. The reflection of this as a business model for the sector is mobile payment. Again, in the guide, since "Virtual POS" and "Physical POS" business models allow payment instruments in the workplace, in parallel, when looking at Law No. 6493, it is regulated to provide the necessary conditions and obtain permissions to provide this payment service. In addition, the guide also includes the necessity of the evaluation to be made by BRSA within the framework of the Debit
Cards and Credit Cards Law No. 5464 for Virtual POS and Physical POS.
As mentioned above, the Laws, Regulations, and Communiqués in force must be examined in detail by organizations applying for an operating permit. Because the audits are carried out after the license is granted by the CBRT, they can be cancelled if compliance with the relevant legislation is not ensured, and irregularities are detected. Some of the regulations envisaged by the CBRT regarding the cancellation of the license are that an organization providing mobile payment services does not keep personal data and records for the period stipulated in the legislation, contracts signed with third parties are not shared with customers within the scope of the information obligation, and risk management departments are not established in the organization of the organization as foreseen. Considering the Communiqué on the minimum equity obligations of electronic money institutions issued by the CBRT, we can say that following the legislation is very important for payment and electronic money institutions.
Considering the speed of technology, we expect new regulatory steps in the coming days as new legal regulations come into force with every innovation regarding payment services. However, since the existing and new legislations include regulations that overlap in terms of subject and scope, there will always be a need for explanatory and informative guides, just like in the manual. Regular legislation monitoring must be carried out meticulously, especially by payment and electronic money institutions.