As part of the deal, FIS will also assume Worldpay's debt obligations, bringing the total value of the agreement to $43 billion.

Upon closing, FIS shareholders will own approximately 53% and Worldpay shareholders 47% of the combined company.

Worldpay, which was formed in January last year through a takeover by Vantiv, processes over 40 billion transactions annually, supporting more than 300 payment types across more than 120 currencies.

The combined firm will serve the “high-growth e-commerce industry” and have combined revenue of about $12 billion.

“Scale matters in our rapidly changing industry,” states Gary Norcross, chairman, president and chief executive officer, FIS. “Upon closing later this year, our two powerhouse organisations will combine forces to offer a customer-driven combination of scale, global presence and the industry’s broadest range of global financial solutions."

The company is forecasting organic revenue growth outlook of between six and nine percent through 2021, in conjunction with $700 million of total Ebitda synergies over the next three years.

It marks the biggest deal by far in the fast consolidating payments industry, elcipsing Fiserv's $22 billion takeover of First Data in January.

Having secured the licence, the company will offer payment services set forth in the Republic of Lithuania Law on Payments: credit transfers, issuing of payment instruments and acquiring of payment transactions.

Earthport’s global payment network powers transactions for the world’s largest financial institutions, ecommerce companies, money transfer organisations and payment aggregators. The only beneficial owner of the company is Earthport PLC, a payment institution authorised by the UK’s Financial Conduct Authority. It is traded on the London Stock Exchange.

In September last year – the ECB produced its first report on Card Fraud since 2015. It is unusual to see a public report that covers all of Europe and there are some interesting viewpoints to be taken from it. And despite the gap in production (and that it relates to data up to 2016 only), it's very clear that Payment Card Fraud is still very much on the increase.

Within the statistics, one in particular caught my eye – the number of cards in every 1000 cards issued that had seen fraud. Within the SEPA region, in 2013 there were 11 cards that saw fraud in every 1000 cards issued; in 2016 that has doubled. And some countries have seen larger increases than that in percentage terms.

For example, Ireland saw 17 cards with fraud on every 1,000 cards issued in 2013, and by 2016 this had increased to 47 cards per 1,000 cards, an increase of 176%. Other mature card markets, like the UK and France have seen similarly large increases – but the smaller markets like Finland, Portugal, Romania have seen even larger increases in terms of percentage values (Finland saw 5 cards per 1,000 seeing fraud in 2013 compared to 18 in 2018, while Portugal saw 2 cards per 1,000 in 2013 compared to 15 in 2018).

So what is behind the increase – and why has it happened? Looking deeper into the historical statistics, CNP is unsurprising still the biggest driver; if you look at European fraud statistics for the last 10-15 years, CNP fraud levels have probably risen year on year in that period. Given the popularity of internet based purchases this is not necessarily a surprise, however, across the region the volume of fraud (in terms of the number of Transactions) in 2016 was significantly higher than the preceding years, driven by CNP and POS fraud on cards issued within the SEPA. Indeed, Portugal was the only country not to report an increase on CNP fraud, but rather an increase in POS Transaction Fraud. However, the value of Fraud lost across the SEPA region has decreased.

So what is now the market trend for card fraud – is it that we are now seeing focused fraud attempts, perhaps at a lower value but an increased volume? Or is it purely the increase in online transactions – including mobile and browser based transactions?

Using other sources of Data – in particular the annual fraud statistics from the UK Finance organisation – we can see that the level of e-commerce fraud during the same period as the ECB reports backs up the increase of e-commerce fraud – in the UK at least. From 2012 to 2016 the annual growth in e-commerce card fraud has been anywhere between 15% and 36% year on year; from £140m (€160m) in 2012, to £310m (€355m) in 2016. Only in 2017 has the growth rate been flat for ecommerce fraud – virtually identical to 2016 at £310m (€355m). To further support this – the Banque Observatoire in France have seen an increase in e-commerce payment card fraud; from €109m in 2012 to €146m in 2016.

The increase in additional digital payment channels plays a part in this – in that payments and purchases are made via internet browser, mobile browser and app. Factor in that organised crime and fraudsters will vary their techniques to attempt to stay at least one step ahead of the fraud prevention teams at cards issuers and merchant acquirers – either through pure account takeover, continuous payment authority scams, test transactions etc.

This means that there is a need for Payment Institutions to use multiple techniques to prevent fraud; for example

Machine Learning and Behaviour Analytics to identify unknown or exceptional behaviour on accounts/portfolios that has not been picked up by specific rules Rules to target known threats and behaviours that could indicate fraudulent activity A combination of the above techniques to create a hybrid monitoring solution

By applying multiple techniques and strategies, payment institutions are then able to focus on their false positive rates to reduce the level of impact to their customers through misidentification of potential fraud and the temporary stops or holds placed on cards. If those institutions can also be reactive enough to change those strategies as threats changes – then there is a much better opportunity to reduce fraud levels, by being as flexible as the fraud perpetrators to counter their actions. 

NETSTARS, a Tokyo-based mobile payment technology company, will join VIA, adding its 100,000 stores to the network’s current 1.6 million merchant partners.

Users of mobile wallets on VIA, including Singtel’s Dash, AIS GLOBAL Pay and soon Kasikornbank’s K Plus and Boost Malaysia will be able to enjoy the familiarity and ease of using their home wallets when making payment at NETSTARS’ merchants, which span airports, shopping malls, food and beverage outlets, tourist attractions and transportation modes across Japan, in the near future. Through VIA, they will be able to pay instantly in their local currency, transact conveniently and securely, and enjoy competitive foreign exchange rates in Japan, and across the networks of all wallet members in Singapore, Thailand and Malaysia. As the VIA alliance continues to grow, wallet members will benefit from the expanding network coverage.

Mr Arthur Lang, CEO of Singtel’s International Group, said, “We are thrilled to partner NETSTARS for VIA’s very first foray into North Asia. Having welcomed Axiata Digital’s Boost Malaysia mobile wallet just weeks ago, VIA’s steady expansion has taken it beyond our associate markets, and now beyond telco e-wallets and Southeast Asia. These partnerships to grow cross-border mobile payments continue to add further momentum to the Singtel Group’s goal of empowering consumers and enabling them to transact seamlessly across borders.” Mr Tsuyoshi Ri, CEO, NETSTARS, said, “We are delighted to join the VIA alliance and collaborate with Singtel to welcome more mobile payment users from Southeast Asia. Together we will bring convenience to both customers and stores as NETSTARS expands its store network from thousands to millions, moving towards a cashless society in Japan.”

NETSTARS is targeting to grow its merchant base to one million stores throughout Japan by the end of 2020, benefitting visitors to one of the world’s fastest growing travel destinations, which in 2017 received some 1.8 million visitors from Singapore, Malaysia and Thailand, the countries which feature mobile wallets on VIA’s network.

VIA was launched by the Singtel Group in October 2018 to create a region-wide payment network that will enable consumers to securely and conveniently pay with their mobile wallets when they travel in Asia Pacific. The Singtel Group plans to progressively expand the VIA alliance to include other regional associates Airtel in India, Globe in the Philippines, Telkomsel in Indonesia, working within each country’s regulations, as well as non-telcos.

Mr. Barbier founded TransferTo in 2005 and turned it into one of the world’s leading cross-border mobile payments network provider before stepping down as its CEO in 2018. Today, some of the world’s largest remittance and payment providers use TransferTo’s services including WorldRemit, PayPal, SingTel, Grab and many others. Prior to TransferTo, Mr. Barbier had also co-founded Mobile 365 which was later sold to Sybase in 2006.

Launched at the start of 2018, MoolahGo is South East Asia’s First true Peer-to-Peer Financial Services e-Marketplace that delivers services by connecting consumers, businesses and providers directly, thereby removing the costly intermediaries. Its platform currently hosts Currency Exchange and Cross-border Money Transfer (Remittance) services. The team is also developing their mobile ewallet product and has sights on other financial services in the future such as insurance and investments. Since its launch, MoolahGo has attracted a large following of customers including Individuals and Businesses. MoolahGo possesses the Currency-exchange and Remittance licenses issued by the Singapore financial regulator, the Monetary Authority of Singapore (“MAS”). It is also an e-Money Holder.

With its unique and proprietary marketplace engine, MoolahGo is able to deliver value to its customers by sourcing and aggregating rates from multiple qualified providers to offer the most competitive price points to its customers. This ensures that its customers are always getting the best deal when it comes to currency-exchange and remittance services which cover more than 40 destination countries from Singapore. Currently it sources rates from banks, non-banks and even other Fintechs. It’s marketplace platform is open to all and is not biased towards a specific provider.

“Having Eric who is a veteran in this business investing in us is a vote of confidence in our business strategy and future. We are also extremely grateful that Eric will be joining our board to contribute actively to our business. With his immense experience, we are confident of achieving even greater successes going forward,” said John Hakim, Founder and CEO of MoolahGo.

“I’m delighted to join the MoolahGo team. MoolahGo is uniquely positioned as a leading FinTech in the Singapore ecosystem. Globally, cross border payments is a $135 trillion market, and Singapore as one of the leading trading hub is at the centre of this business,” commented Eric Barbier.

This is the eighth and final blog in our series on the Contingent Reimbursement Model code (“CReM”) that purports to offer customers strong protection against certain types of Authorised Push Payment Fraud, or “APPF”.

This one concerns the “expectations” and “standards” that firms should abide by, if they are signatories to the code. Firms have to live up to “expectations” and aspire to “standards”, whilst customers have “responsibilities”.

This asymmetry of language says it all really, but we should still delve into the detail.

We have both “General expectations for firms” and then the more specific “Standards for firms” which is broken down into those for sending firms and those for receiving firms.

The “General expectations for firms” can be classed as “hygiene factor” and things that firms ought to be doing in the normal course of business anyway, and probably are – in that case there is no extra effort for them. Of course these things would be unnecessary if firms processed customers’ payments in line with their payment orders.

The introduction to the specific standards section (“SF”) reads as follows:

“These provisions set out the standards that Firms should meet. If Firms fail to meet these standards, they may be responsible for meeting the cost of reimbursing, in accordance with R1, a Customer who has fallen victim to an APP scam.

The assessment of whether a Firm has met a standard or not should involve consideration of whether compliance with that standard would have had a material effect on preventing the APP scam that took place.”

The implications are:

firms may not be responsible for meeting the cost of reimbursing, in accordance with R1, a Customer who has fallen victim to an APP scam; given that firms are the arbiter of their own conduct, the chances that a standard will not be met, and that the firm declares that its failure to comply had a material effect on a case, will be low: they can ignore the standards and make up their mind about reimbursing the customer as each case comes along.

The specific standards for sending firms (“SF1”) permit far too much discretion and leeway in the definitions of their responsibilities. There are too many examples of the standard of firms’ actions being “reasonable” (a subjective and low bar), of “should” instead of “must”, and of the firms being the primary arbiter of their own actions:

SF1.1: “Sending Firms should take reasonable steps to protect their Customers from APP scams”; SF1.1.a: “Firms should establish transactional data and customer behaviour analytics..” (which they will probably be doing as part of their compliance with EBA Regulatory Technical Standards on Strong Customer Authentication and Common & Secure Communication anyway); SF1.1.b: “Firms should train their employees..”; SF1.2.a: “Firms should take reasonable steps to make their Customers aware of general actions that could be taken to reduce the risk of falling victim to an APP scam”, and who will be the arbiter of “reasonableness”? SF1.2.d: “Effective Warnings should meet the following criteria” but they do not have to; SF1.3: “Firms should implement Confirmation of Payee in a way that the Customer can understand”, but they do not have to.

The specific standards for receiving firms (“SF2”) are little more than a partial restatement of firms’ obligations under applicable law. However, their inclusion in the CReM has the effect of socialising the concept that these responsibilities may be voluntary because the CReM is a voluntary code, when in reality the responsibilities are absolute and closely defined.

The SF2 introduction states that “Receiving Firms should take reasonable steps to prevent accounts from being used to launder the proceeds of APP scams. This should include procedures to prevent, detect and respond to the receipt of funds from APP scams. Where the receiving Firm identifies funds where there are concerns that they may be the proceeds of an APP scam, it should freeze the funds and respond in a timely manner.”

These are existing responsibilities of firms and not specific to APPF: they are general responsibilities under legislation such as the Money Laundering Regulations and the Proceeds of Crime Act.

A statement such as the one in SF2.1.a that “Firms must open accounts in line with legal and regulatory requirements on Customer Due Diligence (CDD) using identification processes and documentation that are recommended by industry guidance” is redundant; it is certainly not a special dispensation by firms towards victims of APPF.

In fact the economy of expression in these statements serves rather to understate firms’ obligations compared to where they are set under applicable law.

Finally, in amongst the “motherhood-and-apple-pie” list of obvious actions that firm should follow when dealing with a claim under the CReM, we have an interference in the customer’s absolute right to raise their case to the Financial Ombudsman Service, namely in R4.3: “Following notification of a reimbursement decision, if the Customer is dissatisfied with the outcome and wishes to raise a DISP complaint, Firms should ensure that conclusion of the customer’s case is not unnecessarily delayed and allow them to raise a case with the Financial Ombudsman Service should they wish/need to do so”.

Firms have no right to stop eligible customers raising a case, so there should be no mention of “allow them to”: the insertion of this illusion infringes customers’ rights in that it socialises the concept in an Industry code that firms have a say in the matter.

The firms have offered nothing in the standards they are volunteering to follow that they are not obliged to do under applicable law, or that they are not already doing as “motherhood-and-apple-pie” Business-as-Usual processes. Indeed, including such actions in a voluntary code sprinkles a certain magic dust over them, making these actions appear to be specific to APPF when they are general, and making them appear new and voluntary, when they are existing and obligatory.

This serves to obscure that firms’ obligations may already go further than what they are volunteering to do in this code, and throws sand in customers’ eyes as to what their rights are.

The formulation of the CReM should have started with firms’ existing obligations as a baseline, and built further voluntary actions by firms on top of this “acquis”. Instead firms have got away with volunteering to do less than the baseline.