Ximedes Online Payments
A strategic choice for banks
Help Merchants accept Online Payments
The size of the European B2C e-Commerce market is €899 billion and growing at a rate of about 8% (European e-Commerce report 2023), and online payments are an essential part of its infrastructure. While some say payment specialists like Adyen and Stripe have cornered the market for online payments, we belief there is room for ambitious banks to obtain a relevant market share. For many banks, payment form a core part of their strategy, and many rely on Ximedes for its technical execution.
WHY
Why Banks offer Online Payments
Payments are at the core of banking
Banks have been offering account-to-account payments to their clients for decades. A survey conducted by Ximedes in 2023 showed that payments and account services together contributed 35% of European banking revenues, confirming earlier numbers reported by McKinsey and the EBA.
Cross-selling
Banks providing merchant services gain valuable insights about their customers. Customer profiling across their product portfolio allow banks to make informed decisions on acceptance, fraud and payment mix optimization. They can even create new financial instruments, such as a loan which is paid back in proportion to that months’ revenue.
Retaining clients
But today’s merchants need more than traditional payments. In this fast-paced era, merchants must embed an ever-evolving collection of payment methods in their e-Commerce offering. Offering a full set of merchant services is crucial to retaining clients. With payment service providers (PSPs) like Stripe and Adyen expanding their service portfolio with traditional banking services like loans and factoring, banks must act to prevent their merchants taking their business elsewhere.
How it works
The Rails of European Payments
Account-to-Account Payments
In the Euro zone, account to account payments are regulated through the SEPA (Single Euro Payments Area) initiative. SEPA regulates domestic payments as well as cross-border payments and aims to streamline payments within the Euro zone. There are two principal types of SEPA payments. A SEPA Credit Transfer (SCT) is a one-off payment from a bank account in any SEPA country to another, using standardized ban account numbers (IBAN, International Bank Account Number) and sometimes the BIC. Recently, instant payments (SCT Inst) were introduced which guarantee that the recipient sees the money in their account within 10 seconds.
Merchants that are mandated by a consumer may use SEPA Direct Debits (SDDs) to retrieve money from the consumer's bank account. SDDs are well suited for recurring payments.
Cards
Card payments are the dominant digital payment method in physical stores and a major method in e-Commerce. Customers use their card (provided by an issuing bank) at a point of acceptance operated by the merchant. The merchant’s acquiring bank requests authorization from the issuing bank, using an extensive set of rules mandated by the card scheme. Schemes are defined by companies like MasterCard and VISA, and define infrastructure, messages and set pricing rules for all participants.
Alternative Payment Methods
A catch-all category for payment methods that are not account-to-account or cards is Alternative Payment Methods (APMs). These include Buy-Now-Pay-Later schemes, digital wallies like PayPal, and Request-to-Pay methods where a payment request is sent from the merchant to the customer by phone or mail.
Almost all alternative payment methods are based on the foundations provided by SCTs, SDDs or card payments. For instance the Dutch payment method iDEAL leverages an SCT in a clever way, and so does the Spanish Bizum. Portugese Multibanco Nets is based on (virtual) cards, while PayPal supports both cards and SEPA payment methods as funding options.
HOW
How Banks enable Online Payments
The Merchants' Dilemma
In theory, a merchant can integrate directly with card acquirers, their local bank for SDDs and APMs to allow them to accept payments from consumers.
In practice, the compliancy effort and investment in technology required to integrate directly is prohibitive for all but the largest merchants. They would have to interface with the card acquirer, the bank and the APMs, and keep those connections up-to-date while remaining compliant with extensive security frameworks like PCI-DSS for protecting sensitive payment data.
Payment Service Providers
Payment Service Providers (PSPs) are companies that try and make it easier for merchants to accept multiple payment methods. They attempt to streamline the onboarding and merchant acceptance process, provide easy programming interfaces (APIs) to initiate payments, and offer extensive support for integrating with the most common e-Commerce platforms.
Online Payment Gateway
The core of a PSP proposition is an online payment gateway. This gateway provides an API on the merchant-facing side, so that the merchant has only one technical connection to make.
The gateway connects to a range of card acquirers, APMs and banks using certified and secure interfaces. This allows the merchant to offer multiple payment methods with a single integration effort.
Ease of integration is an important part of the value proposition of PSPs. They generally invest to make it easy for developers to implement, test and maintain integrations. This includes offering extensive documentation, sandbox environments for testing, and access to monitoring and operational dashboards.
e-Commerce Plugins
Many online merchants use off-the-shelf e-Commerce software such as WooCommerce, Magento, or Shopify, to power their business. Most PSPs offer plugins for these platforms, making it even easier for merchants to integrate with them. With a few clicks, merchants can be up and running in minutes.
Offering e-Commerce plugins is an essential part of the PSP proposition, in particular for the SME segment of merchants.
Relieving the merchant of the PCI burden
Any party processing cardholder data needs to be compliant with the Data Security Standard of the Payment Card Industry (PCI-DSS). Compliance with PCI-DSS requires extensive technical and organizational capabilities, and non-compliance can lead to significant fines.
As part of their service offering, payment service providers try to relieve their merchants from the burden of PCI-DSS compliance as much as possible, typically by avoiding any need for merchants to directly process card data in the first place.
Hosted Payment Pages
By far the easiest way to make sure of this, is to provide Hosted Payment Pages (HPP). When a consumer is on the merchants website and indicates that they are ready to pay for their order they are redirected to a separate payment page, operated by their PSP. On this page the consumer can fill out their card details and complete the payment, with the card data never going through the merchants' systems.
Javascript Library
Although HPPs are extremely convenient and simple to set up, they do not offer the most seamless payment experience. As a PSP or bank you can also offer seamless integration through a Javascript library, which the merchant integrates in their shop. The library accepts card details on the merchants' website, but immediately encrypts them and sends them to the payment API. This yields a nicer consumer experience, but at the cost of a more complex integration and an increased PCI-DSS burden for the merchant.
Merchant settlement
There are two kinds of payment service providers – distributing and collecting. Distributing PSPs help the merchant connect to the different payment methods, but leave merchant payout to the card acquirers, APMs and banks behind it.
A collecting PSP not only provides a unified API to initiate payments, but also receives the monies from the card processors, APMS, etc. The PSP then settles the correct amount with the merchant, together with a unified report across all payment methods.
For the collecting PSP it does not mean that they have to reconcile all the incoming money, and have a way to tag the right amount for the right merchants.
create valuable insights
Omni-Channel Merchant Portal
Merchant portals are the main point of interaction between the merchant and their PSP. Primarily they provide information on the transactions processed by the merchant and the settlements.
On top of that they typically allow the merchant to manage their contract and services (like allowing them to order more terminal or enable new e-Commerce payment methods). Also, new merchants should be able to initiate their Know Your Customer (KYC) process from the merchant portal, providing the information to the bank that identifies their company, the companies directors and owners as required by European legislation.
PSPs offering support for both card and/or cash payments in physical shops, as well as e-Commerce payments are called omni-channel PSPs, and omni-channel reporting is an essential part of their offering.
How Ximedes helps to provide online payment services
Ximedes has a rich history in developing software for Payment Services. As early as 2002 we developed "The Way You Pay" (TWYP) for ING, one of the first payment platforms in the Netherlands.
We didn't stop there. Currently we help Rabobank (see case study) improve and maintain the comprehensive payment infrastructure we developed for them.
Ximedes has a massive experience developing each of the components discussed on this page: terminal gateways, online gateways, merchant portals, reconciliation and settlement modules or indeed a complete payment infrastructure. Contact us to learn more and find out how we can help your organization.