Home

In 2014, AF Payments won the concession for the automated fare collection system of the three light rail systems in Manila. The concession was supposed to run for ten years, but as far as I know, it is still going, so they must have agreed to extend by a few years.

During my time with AFPI, I devoted a lot of time dealing with the Concession and the government. At times my patience was severely tested.

As such I got my virtual popcorn out when I learned the exciting news that the Department of Transportation (DOTr) has announced that they will open the bidding for a new Philippine Automated Fare Collection System (PAFCS) concession this year.

I confess that I am not the "bigger person" here. I am fascinated by the spectacle of somebody else being lead to the slaughter.

There is not much more information about the content of the bidding document which was developed by ADB (1). As usual, I took some educated guesses and summarized the little there is in my new blog post.

In reference to the famous first line of the communist manifesto "Ein Gespenst geht um in Europa – das Gespenst des Kommunismus.", I venture that a spectre is haunting the payment industry — the spectre of interchange regulations.

The most recent example is a "…​ Review of Merchant Card Payment Costs and Surcharging (the Review) as part of the RBA’s regular review of its retail payments regulation …​" (1)

Unfortunately, as expected, banks and regulators only know one set of tools - regulations, compliance, bureaucracy. And if all they have is a hammer, then every problem looks like a nail to them.

Authentication is nearly ubiquitous and true card-not-present fraud should be a thing of the past.

Merchant scams and authorized transaction fraud, on the other hand, are a growing, but by no means a new problem. Authorized fraud used to be called “friendly” or “first party” fraud. We used this term because we assumed that the customer knew what they were doing and later regretted the purchase and used the chargeback system to get their money back.

The payment schemes had no reliable statistics about the scale of the problem. Nobody truly knew how many card-not-present chargebacks were “friendly” fraud vs. justified chargebacks. I now believe that during my time in the payment industry, we did not differentiate sharply enough between actual payment fraud, malicious cardholder chargebacks and merchant scams.

I am a fan of QR payments. Not because there is anything special about the technology, but because it returned competition to the payment market.

QR payments wrestled the true meaning of the word “open” from the so-called “open-loop” systems, which are as open to new players as the Berlin Wall was to the citizens of East Germany.

Unfortunately, some of the main beneficiaries of the new market have grown complacent and seem to think that their success has made them invulnerable to the old, card-based systems fighting back. GCash, the largest consumer-side player in the e-wallet market in the Philippines, is an unfortunate case in point (also see my post on the GCash user experience).

Payment professionals seem to have this idea that they are the knight in shining armor who is standing between the clueless and childlike customer and the omnipotent criminal. In their pursuit of safety for everybody, they seem to be willing to sacrifice privacy, self-determination and individual responsibility one small step at a time.

I say that customers are perfectly capable and willing to take responsibility for their actions, and they should bear the consequences of their actions instead of hiding behind the bogeyman of the criminal who, in the imagination of the risk managers, keeps getting ever more sophisticated and smarter every year. By now, all these online criminals must be geniuses that would make Prof Moriarty look like an amateur.

Competition is good, and any open and interoperable payment system should make it easy for new players, small and big, to join. In this spirit, I am happy that another e-wallet has entered the market: MannyPay.

To satisfy my curiosity, I downloaded the app on my iPhone and tried to enroll. Unfortunately, I did not manage to get past a nonsensical error message, and the app froze on the screen where you are supposed to enter a passcode from a text message (which also never arrived).

Nevertheless, I have some initial comments, and I will update this post when they have fixed their teething issues.

Everything that can be said about merchant surcharge and interchange fees has already been said, for instance (1), (2) or (3), but it hasn’t been said by everybody yet. Especially not by me. So, here I go.

Instead of innovating payments, the new breed of QR/A2A payment schemes too often think of their system as a “primitive” form of card payments. Or, they treat payment merely as an enabler for their ambition of becoming a virtual bank. There is too much data, too much functionality and not enough effort to make the payment process better.

In this post, I want to make the case for removing data from QR payments.

In my view, the principles of any new payment system should be: “Payment moves money efficiently, anonymously and conveniently (for the customer). Use of account information is kept to a minimum. There should be no personal data.”

In my previous post, I voiced my opinion that many merchants use their personal GCash account to accept payments. At that time, I was thinking of the proprietary GCash QR code that would only work for customers who use their GCash wallets. More recently, I noticed personal QR codes that seem to work with all e-wallets and mobile banking applications. I tested this specifically with the BPI banking application and the GCash wallet.

Have I found the P2P QRPh?

In this post, I am analyzing the data and the formatting that is used for the P2P QR code. If you are curious, you can also run your own QR codes through my QR Decoder.