Why is there no "pay me directly" standard?
By @edent
· money · 8 comments · 500 words · read ~296 times.
If you have a bank account, you probably have an IBAN - an International Bank Account Number. It is a well-structured text string which unambiguously identifies your account.
A typical UK IBAN looks like GB33BUKB20201555555555 - with it, you can send money to that account from any bank in the world. OK, some banks make international transfers complicated or expensive, but it generally works!
Wouldn't it be great if I could write a URl like iban://GB33BUKB20201555555555/GBP10 or https://iban.pay/GB33BUKB20201555555555/€50 or similar. Then, when you click it, you *waves hands* can send me a specific amount of money.
PayPal already does something like this. https://paypal.me/edent/gbp10 lets you send me a tenner.
A couple of UK "Challenger Banks" have done this for several years. Monzo.me and Starling's Settle Up both offer this feature. Of course, if you're not with either of those two banks, it's a bit complicated to go from their link, to your bank, to make the payment.
So why is there no industry standardisation around this? Surely the basic steps are simple:
- Your bank's phone app associates with
iban.payURls. - It grabs the payment info from the URl.
- An API call to get the payee's name / other details.
- You authorise the payment.
And, if you don't have an app, the iban.pay website asks who you bank with, and then send you to your bank's website to make the payment.
Obviously, that's the happy path - and the reality is going to be a lot more complex. But after half-a-dozen years of banking apps getting popular, why hasn't this happened yet?
Some thoughts
Banks are like mobile phone operators: they'd rather nobody has anything good than they and their competitors share something good. This is the same concept as paying by mobile, and exactly the same thing prevents it: utter refusal to cooperate or be open. https://t.co/C683J4Tbwm
— Stuart Langridge (@sil) February 26, 2021
Yup! I worked in the mobile network space long enough to know that large companies are terrified of collaboration. Sometimes it is a well justified fear of being branded a cartel, but it mostly seems to be because they think they can be the only winner.
There are concerns around fraud. In the UK. Authorised Push Payment scams are endemic. Can you trust that the sender of the payment request is really the nice person who did your guttering?
Some banks also run credit cards - and they'd rather collect the fees from those.
But surely there is profit in this for banks? There's money to be made in currency conversion. For small businesses, getting money in the bank means paying less in credit card processing fees - and fewer cashflow issues. Once a customer has shared their IBAN link, they may be less likely to churn.
This (probably) isn't something that a startup can tackle. This requires big, old, slow-moving, mega-corporations to co-operate. So it is unlikely to ever happen.
Mastodon
Twitter
Facebook
LinkedIn
Reddit
HackerNews
Lobsters
Pocket
WhatsApp
Telegram
I completely agree with this, and not just because I'm quoted in it 🙂
The startup could provide the API "wrapper" to the traditional bank? Paypal can deposit to my bank account without fees, same process could happen with a third party IBAN protocol provider. Then they slowly add customer banks to make setup more transparent to the end user.
In the UK there's PayM
paym.co.uk/how-it-works/
And in NL Tikkie
consumervaluecreation.com/2017/02/12/tik…
Perhaps not quite what you were looking for, and mobile and app centric. (with Tikkie there is a URL component, not sure with PayM).
The UK doesn't have this, but other countries do. In Luxembourg all banks are in a scheme called Digicash you can request or send money via link or QR. QR codes are also printed on bills in restaurants etc., and on some utility bills. It's interoperable with Payconiq in BE too
I thought about this when we did the first Open Banking report a few years back. It suggested that banks should provide a standard API, and allow delegation of access with OAuth (all pretty reasonable). Then I realised that with OAuth, you could use the scopes to dynamically delegate permission for transfers, like "Give this website permission to take £10 from my account". However, the idea that OAuth could replace basically all existing payment systems was a bit of a big one, and I didn't mention it in the report for fear of freaking people out and binning the entire idea.
If I recall correctly, SEPA mandates that banks do not charge more for international IBAN transfers than they do for domestic transfers. I'm not sure if the UK is still in SEPA after the dust has settled, but assuming an international transfer is more costly for a bank than a domestic one (although there's really no reason why it should be), that would give banks an incentive not to standardize around IBAN
I guess the biggest risk is showering my bank details everywhere with no way to stop misuse and no easy way to change them e.g. https://www.theguardian.com/money/2008/jan/07/personalfinancenews.scamsandfraud
To suggest an answer to perhaps one of the issuses - that raised by Rob - I've long thought that bank, etc. accounts should have separate numbers for 'being paid' and 'other purposes' (which mean several other numbers). So you can publicise your payee number - for money to reach you - without the risk of having money taken from your account (which requires a different number).